我正在尝试在创建 SQS 安全性时提高安全级别,我目前允许使用SQS:SendMessage
,但我也想指定一个角色 arn,但我不确定我当前的方式是否正确。
这是我当前的代码:
private async Task AddPermissions(string queueUrl, string arn)
{
var policy = new Policy
{
Statements = new List<Statement> {
new Statement(Statement.StatementEffect.Allow) {
Principals = new List<Principal> { new Principal("AWS_PROVIDER",ARN_NAME) }, // I'm not sure if this is the correct way to implement it, by default is Principal("*")
Actions = new List<ActionIdentifier> { new ActionIdentifier("SQS:SendMessage") },
Resources = new List<Resource> { new Resource(arn) }
}
}
};
var queueAttributes = new Dictionary<string, string> { { QueueAttributeName.Policy.ToString(), policy.ToJson() } };
await _amazonSQS.SetQueueAttributesAsync(new SetQueueAttributesRequest(queueUrl, queueAttributes));
}