我有一个事件总线并创建了一个将事件转发到 SQS 队列的事件规则。现在,我使用默认的亚马逊管理密钥(别名/aws/sqs)为我的队列启用了加密。
启用加密后,不再转发事件。研究 AWS 文档我只能找到有关使用 CMK 进行加密的信息,但没有有关亚马逊托管密钥的信息。
我想这是一个权限问题,但不确定。这是我的活动规则和访问策略
queueCreateInvoiceEvent:
Type: AWS::Events::Rule
DependsOn: [myQueue]
Properties:
Description: Forward INVOICE_CREATED event to SQS queue
EventBusName: ${self:custom.eventBus.name}
EventPattern: { "detail-type": ["INVOICE_CREATED"] }
Name: ${self:service.name}-${self:provider.stage}-buffer-invoice-created-event
State: ENABLED
Targets:
- Id: myQueue
Arn:
Fn::GetAtt: [myQueue, Arn]
createReceiptQueueAccessPolicy:
Type: AWS::SQS::QueuePolicy
DependsOn: [queueCreateInvoiceEvent, myQueue]
Properties:
Queues:
- { Ref: createReceiptQueue }
PolicyDocument:
Id: EventBridgeSqsAccessPolicy
Version: "2012-10-17"
Statement:
- Sid: Allow-User-SendMessage
Effect: Allow
Principal:
Service: "events.amazonaws.com"
Action:
- sqs:SendMessage
Resource:
- Fn::GetAtt: ["myQueue", "Arn"]
Condition:
ArnEquals:
aws:SourceArn:
- Fn::GetAtt: ["queueCreateInvoiceEvent", "Arn"]