小贝子编程

创建一个S3 bucket,用于向SNS主题发送通知



我正在尝试创建一个s3 bucket,每当对象被放入s3 bucket时,该bucket就会向SNS主题发送通知。我的S3 bucket叫做foo-bucket,我的SNS主题叫做foo-topic。我知道如何在aws控制台中设置,但在尝试通过cloudformation进行设置时遇到了麻烦。

这是我目前拥有的代码

Resources:
SNSTopic:
Type: AWS::SNS::Topic
Properties:
TopicName: foo-topic
SNSTopicPolicy:
Type: AWS::SNS::TopicPolicy
Properties:
PolicyDocument:
Id: MyTopicPolicy
Version: '2012-10-17'
Statement:
- Sid: Statement-id
Effect: Allow
Principal:
Service: s3.amazonaws.com
Action: sns:Publish
Resource:
Ref: SNSTopic
Condition:
ArnLike:
aws:SourceArn:
Fn::Join:
- ''
- - 'arn:aws:s3:::'
- Ref: S3Bucket
Topics:
- Ref: SNSTopic
S3Bucket:
Type: AWS::S3::Bucket
Properties:
BucketName: foo-bucket 
AccessControl: BucketOwnerFullControl
NotificationConfiguration:
TopicConfigurations:
- Topic:
Ref: SNSTopic
Event: s3:ObjectCreated:Put

由于以下错误,我尝试部署上述和cfn回滚

无法验证以下目标配置(服务:亚马逊S3;状态代码:400;错误代码:InvalidArgument;请求ID:fooooo;S3扩展请求ID:foooid;代理:空(

我有一个创建bucket、sns主题和通知配置的cloudformation示例。如前所述,您需要确保正确的依赖顺序。

通知配置不检查资源是否存在,因此我们需要使用DependsOn属性来检查

在创建SNS主题策略时,也要注意潜在的循环引用。我将bucket名称定义为字符串,而不是引用。它允许在bucket的通知配置之前创建具有其策略的SNS。

IngestionBucketDev:
Type: AWS::S3::Bucket
DependsOn:
- IngestionTopicDev
- IngestionTopicPolicy
Properties: 
BucketName: "ingestion-codebucket-7832df8b-dev"
NotificationConfiguration:
TopicConfigurations:
-  Topic: !Ref IngestionTopicDev
Event: 's3:ObjectCreated:*'
Filter:
S3Key:
Rules:
- Name: suffix
Value: ".json"
PublicAccessBlockConfiguration:
RestrictPublicBuckets: true
BlockPublicPolicy: true


IngestionTopicDev:
Type: AWS::SNS::Topic
Properties: 
TopicName: "elearn-ingest-topic"
DisplayName: "elearn-ingest-topic"

IngestionTopicPolicy:
Type: AWS::SNS::TopicPolicy
Properties: 
Topics:
- !Ref IngestionTopicDev
PolicyDocument:
Version: 2012-10-17
Statement:
- Action:
- 'sns:Publish'
Effect: Allow
Resource: !Ref IngestionTopicDev
Principal: 
Service: "s3.amazonaws.com"
Condition:
ArnEquals:
"aws:SourceArn": "arn:aws:s3:::ingestion-codebucket-7832df8a-dev"

是的,您的问题是依赖关系;(

我也有同样的问题,如果你不指定依赖顺序,比如先创建SNS,然后在Bucket部分获得用REF创建的ID,你会遇到目标配置的问题。

请点击此链接解决您的问题,您将看到DependsOn:

https://aws.amazon.com/premiumsupport/knowledge-center/unable-validate-destination-s3/?nc1=h_ls

相关内容

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium