我正在尝试配置触发sns主题的cloudwatch事件规则。我一直面临的问题是从terrraform创建的事件模式从cloudwatch规则触发sns主题。下面是我的地形代码:
resource "aws_cloudwatch_event_rule" "s3-event" {
name = "s3-event"
description = "Capture each AWS s3 event"
event_pattern = <<EOF
{
"source": ["aws.s3"],
"detail-type": ["AWS API Call via CloudTrail"],
"detail": {
"eventSource": ["s3.amazonaws.com"],
"eventName": ["CreateBucket"]
}
}
EOF
}
将检查过的事件模式应用到aws ui后,它看起来像:
Event pattern
{
"detail": {
"eventName": ["CreateBucket"],
"eventSource": ["s3.amazonaws.com"]
},
"detail-type": ["AWS API Call via CloudTrail"],
"source": ["aws.s3"]
}
IT在创建s3 bucket时给出调用失败错误。然后保存为从aws控制台:
{
"source": ["aws.s3"],
"detail-type": ["AWS API Call via CloudTrail"],
"detail": {
"eventSource": ["s3.amazonaws.com"],
"eventName": ["CreateBucket"]
}
}
然后通过。
谁能建议我如何禁用地形来重新排列事件模式?
重新安排模式不是这里的解决方案,当我从地形创建cloudwatch事件时,默认情况下,它不会为sns创建访问策略,但在从AWS控制台创建访问策略后,我们必须像下面这样在地形中定义访问策略并附加到sns主题:
statement {
effect = "Allow"
actions = ["SNS:Publish"]
principals {
type = "Service"
identifiers = ["events.amazonaws.com"]
}