
I have read the AWS SNS/SQS subscription documentation several times, browsed several different blogs and StackOverflow posts, and tried all sorts of things. But no matter how many times I try publishing a message to SNS and polling/receiving from SQS, nothing ever comes out the other end. I hope I'm missing something really obvious that someone with more experience / fresher eyes will spot.

For some background, I created the SQS queue and the SNS topic in the same account. After setting up the access policies for both, I created the subscription last. I made sure that when I created the subscription I saw the little green checkmark indicating that the subscription was confirmed. Nothing fancy, no FIFO queue; I set the visibility timeout to 1 minute, and the queue's receive message wait time is also relatively low. I have only one SQS queue and one SNS topic in my account, so I can't be messing up the subscription or granting access to the wrong one.

My SQS access policy looks like this:

{
  "Version": "2012-10-17",
  "Id": "allow_sns_access_policy",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "sns.amazonaws.com"
      },
      "Action": "sqs:SendMessage",
      "Resource": "arn:aws:sqs:us-east-1:<my_unique_id>:<name_of_my_queue>",
      "Condition": {
        "ArnEquals": {
          "aws:SourceArn": "arn:aws:sns:us-east-1:<my_unique_id>:<name_of_my_topic>"
        }
      }
    }
  ]
}

My SNS access policy is as follows:

{
  "Version": "2012-10-17",
  "Id": "allow_sqs_access_policy",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "sqs.amazonaws.com"
      },
      "Action": "sns:Subscribe",
      "Resource": "arn:aws:sqs:us-east-1:<my_unique_id>:<name_of_my_topic>",
      "Condition": {
        "ArnEquals": {
          "aws:SourceArn": "arn:aws:sns:us-east-1:<my_unique_id>:<name_of_my_queue>"
        }
      }
    }
  ]
}

I made sure to copy and paste the ARN resources to limit typos. I have tried other things as well, but none of them worked. This should work for me, but it doesn't.


1 Answer


I guess these policies can be finicky sometimes. I tried deleting the policies, but that didn't work even though they are in the same region. So here is what I ended up setting for the two policies to get them communicating correctly. Maybe someone has suggestions on how to make it better, but for now this works.

SNS policy:

{
  "Version": "2008-10-17",
  "Id": "__default_policy_ID",
  "Statement": [
    {
      "Sid": "__default_statement_ID",
      "Effect": "Allow",
      "Principal": {
        "Service": "sqs.amazonaws.com"
      },
      "Action": [
        "SNS:GetTopicAttributes",
        "SNS:SetTopicAttributes",
        "SNS:AddPermission",
        "SNS:RemovePermission",
        "SNS:DeleteTopic",
        "SNS:Subscribe",
        "SNS:ListSubscriptionsByTopic",
        "SNS:Publish",
        "SNS:Receive"
      ],
      "Resource": "arn:aws:sns:<region>:<topic_owner>:<topic>",
      "Condition": {
        "StringEquals": {
          "AWS:SourceOwner": "<topic_owner>"
        }
      }
    },
    {
      "Sid": "s3-publish",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "sns:Publish",
      "Resource": "arn:aws:sns:<region>:<topic_owner>:<topic>",
      "Condition": {
        "StringEquals": {
          "AWS:SourceAccount": "<topic_owner>"
        },
        "ArnLike": {
          "AWS:SourceArn": "arn:aws:s3:*:*:*"
        }
      }
    }
  ]
}

SQS policy:

{
  "Version": "2008-10-17",
  "Id": "__default_policy_ID",
  "Statement": [
    {
      "Sid": "__owner_statement",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::<topic_owner>:root"
      },
      "Action": "SQS:*",
      "Resource": "arn:aws:sqs:<region>:<topic_owner>:<queue_name>"
    },
    {
      "Sid": "topic-subscription-arn:aws:sns:<region>:<topic_owner>:<topic_name>",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "SQS:SendMessage",
      "Resource": "arn:aws:sqs:<region>:<topic_owner>:<queue_name>",
      "Condition": {
        "ArnLike": {
          "aws:SourceArn": "arn:aws:sns:<region>:<topic_owner>:<topic_name>"
        }
      }
    }
  ]
}
answered 2021-09-07T21:53:04.643
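A small policy linter, added here as an example and not part of the question or the answer, that checks the two things worth checking before attaching these policies: that each statement's Resource is an ARN of the service the policy is attached to (the question's SNS policy names an SQS ARN as its Resource), and that a wildcard Principal like the answer's "AWS": "*" is narrowed by an aws:SourceArn / SourceAccount / SourceOwner condition so that only the named topic can send to the queue. The account id and names in the samples are placeholders constructed for the example.

```python
def parse_arn(arn):
    """Split arn:partition:service:region:account-id:resource into the parts the checks need."""
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        raise ValueError(f"not an ARN: {arn}")
    return {"service": parts[2], "account": parts[4], "resource": parts[5]}

def _as_list(v):
    return v if isinstance(v, list) else [v]

def lint_policy(policy, attached_to):
    """attached_to is 'sns' (topic policy) or 'sqs' (queue policy).
    Returns a list of findings; an empty list means nothing was flagged."""
    findings = []
    for stmt in policy.get("Statement", []):
        sid = stmt.get("Sid", "<no Sid>")
        resources = [parse_arn(r) for r in _as_list(stmt.get("Resource", []))]
        # 1. The Resource must be an ARN of the service the policy is attached to.
        for r in resources:
            if r["service"] != attached_to:
                findings.append(f"{sid}: Resource is a {r['service']} ARN but the policy is attached to {attached_to}")
        # Condition keys are case-insensitive (AWS:SourceArn and aws:SourceArn are the same key).
        cond = stmt.get("Condition", {})
        keys = {k.lower(): _as_list(v) for op in cond.values() for k, v in op.items()}
        # 2. A wildcard principal is only acceptable when a source condition narrows it.
        principal = stmt.get("Principal")
        wildcard = principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*")
        if wildcard and not keys.keys() & {"aws:sourcearn", "aws:sourceaccount", "aws:sourceowner"}:
            findings.append(f"{sid}: Principal '*' with no aws:SourceArn/SourceAccount/SourceOwner condition")
        # 3. When SNS delivers to a queue, aws:SourceArn is the topic ARN, so a queue policy must name an SNS ARN.
        for src in keys.get("aws:sourcearn", []):
            s = parse_arn(src)
            if attached_to == "sqs" and s["service"] != "sns":
                findings.append(f"{sid}: aws:SourceArn {src} is not an SNS topic ARN")
            if s["account"] not in ("*", "") and any(s["account"] != r["account"] for r in resources):
                findings.append(f"{sid}: aws:SourceArn is in a different account than the Resource")
    return findings

# Constructed samples with a placeholder account id (not the asker's real values).
ACCT = "111122223333"
ASKER_TOPIC_POLICY = {"Version": "2012-10-17", "Statement": [{   # the question's SNS policy
    "Effect": "Allow", "Principal": {"Service": "sqs.amazonaws.com"}, "Action": "sns:Subscribe",
    "Resource": f"arn:aws:sqs:us-east-1:{ACCT}:my-topic",
    "Condition": {"ArnEquals": {"aws:SourceArn": f"arn:aws:sns:us-east-1:{ACCT}:my-queue"}}}]}
ANSWER_QUEUE_POLICY = {"Version": "2008-10-17", "Statement": [{   # the answer's SendMessage statement
    "Sid": "topic-subscription", "Effect": "Allow", "Principal": {"AWS": "*"},
    "Action": "SQS:SendMessage", "Resource": f"arn:aws:sqs:us-east-1:{ACCT}:my-queue",
    "Condition": {"ArnLike": {"aws:SourceArn": f"arn:aws:sns:us-east-1:{ACCT}:my-topic"}}}]}
```

Running lint_policy(ASKER_TOPIC_POLICY, "sns") reports the SQS ARN in the topic policy's Resource, while lint_policy(ANSWER_QUEUE_POLICY, "sqs") returns no findings because the wildcard principal is tied to the topic ARN.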