Amazon cloudformation 如何使用clouldformation触发器将cloudWatch事件转发日志到SQS队列
我有以下cloudformation模板来创建一个cloudwatch事件、一个SQS队列、一个SQSQueuepolicy,以允许cloudwatch在s3对象更新时将日志转发到SQS队列 但是,;模板成功完成后。除非(通过aws控制台)“cloudwatch”-->选择我的事件-->单击直到步骤2事件详细信息“向SQS队列添加权限”-->更新事件,否则我不会在SQS队列中看到日志 我认为缺少的部分可能是,为了授予权限,我需要事件目标中的“RoleArn”。但是,AWS:SQS:QUEUEPOLICY不返回ARN。 我怎样才能在云形成中做到这一点 谢谢Amazon cloudformation 如何使用clouldformation触发器将cloudWatch事件转发日志到SQS队列,amazon-cloudformation,amazon-sqs,amazon-cloudwatch,Amazon Cloudformation,Amazon Sqs,Amazon Cloudwatch,我有以下cloudformation模板来创建一个cloudwatch事件、一个SQS队列、一个SQSQueuepolicy,以允许cloudwatch在s3对象更新时将日志转发到SQS队列 但是,;模板成功完成后。除非(通过aws控制台)“cloudwatch”-->选择我的事件-->单击直到步骤2事件详细信息“向SQS队列添加权限”-->更新事件,否则我不会在SQS队列中看到日志 我认为缺少的部分可能是,为了授予权限,我需要事件目标中的“RoleArn”。但是,AWS:SQS:QUEUEPO
{
"AWSTemplateFormatVersion": "2010-09-09",
"Resources": {
"LucyQueue": {
"Type": "AWS::SQS::Queue",
"Properties": {
"QueueName": "LucySQS"
}
},
"LucyQueuePolicy": {
"Type": "AWS::SQS::QueuePolicy",
"Properties": {
"PolicyDocument": {
"Version": "2012-10-17",
"Id": "arn:aws:sqs:ca-central-1:805182230944:LucySQS/SQSDefaultPolicy",
"Statement": [
{
"Sid": "Sid1513273009724",
"Effect": "Allow",
"Principal": "*",
"Action": "SQS:SendMessage",
"Resource": {
"Ref": "LucyQueue"
},
"Condition": {
"ArnEquals": {
"aws:SourceArn": {
"Fn::GetAtt": [
"LucyEventRule",
"Arn"
]
}
}
}
}
]
},
"Queues": [
{
"Ref": "LucyQueue"
}
]
}
},
"LucyEventRule": {
"Type": "AWS::Events::Rule",
"Properties": {
"Description": "LucyEventRule",
"EventPattern": {
"source": [
"aws.s3"
],
"detail-type": [
"AWS API Call via CloudTrail"
],
"detail": {
"eventSource": [
"s3.amazonaws.com"
],
"eventName": [
"PutObject",
"UploadPart",
"CreateMultipartUpload"
]
}
},
"State": "ENABLED",
"Targets": [
{
"Arn": {
"Fn::GetAtt": [
"LucyQueue",
"Arn"
]
},
"Id": "lucy_event1",
***"RoleArn" : "Do i need this ? if yes, How to get the Arn"***
}
]
}
}
}
}我发现问题在于我在QueuePolicy中放置了错误的resourceID 工作模板:
{
"AWSTemplateFormatVersion": "2010-09-09",
"Resources": {
"LucyQueue": {
"Type": "AWS::SQS::Queue",
"Properties": {
"QueueName": "LucySQS"
}
},
"LucyQueuePolicy": {
"DependsOn": [
"LucyQueue",
"LucyEventRule"
],
"Type": "AWS::SQS::QueuePolicy",
"Properties": {
"PolicyDocument": {
"Version": "2012-10-17",
"Id": "LucyQueuePolicy",
"Statement": [
{
"Sid": "AWS_Lucy_event",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "sqs:SendMessage",
"Resource": {
"Fn::GetAtt": [
"LucyQueue",
"Arn"
]
},
"Condition": {
"ArnEquals": {
"aws:SourceArn": {
"Fn::GetAtt": [
"LucyEventRule",
"Arn"
]
}
}
}
}
]
},
"Queues": [
{
"Ref": "LucyQueue"
}
]
}
},
"LucyEventRule": {
"Type": "AWS::Events::Rule",
"Properties": {
"Description": "LucyEventRule",
"EventPattern": {
"source": [
"aws.s3"
],
"detail-type": [
"AWS API Call via CloudTrail"
],
"detail": {
"eventSource": [
"s3.amazonaws.com"
],
"eventName": [
"PutObject",
"UploadPart",
"CreateMultipartUpload"
]
}
},
"State": "ENABLED",
"Targets": [
{
"Arn": {
"Fn::GetAtt": [
"LucyQueue",
"Arn"
]
},
"Id": "lucy_event1",
}
]
}
}
}
}