Amazon Web Services: KMS-enabled SQS queue is not receiving AWS SNS messages
I am trying a cross-account integration between SNS (AccountA) and a KMS-enabled SQS queue (AccountB). Below are the SQS and SNS configurations. In SNS (Account A), the following configuration has been added:
{
  "Version": "2008-10-17",
  "Id": "__default_policy_ID",
  "Statement": [
    {
      "Sid": "__default_statement_ID",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": [
        "SNS:Publish",
        "SNS:RemovePermission",
        "SNS:SetTopicAttributes",
        "SNS:DeleteTopic",
        "SNS:ListSubscriptionsByTopic",
        "SNS:GetTopicAttributes",
        "SNS:Receive",
        "SNS:AddPermission",
        "SNS:Subscribe"
      ],
      "Resource": "arn:aws:sns:us-west-2:AccountA:test-SNS",
      "Condition": {
        "StringEquals": {
          "AWS:SourceOwner": "AccountA"
        }
      }
    },
    {
      "Sid": "__console_sub_0",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::637477570661:root"
      },
      "Action": [
        "SNS:Subscribe",
        "SNS:Receive"
      ],
      "Resource": "arn:aws:sns:us-west-2:AccountA:test-SNS"
    }
  ]
}
Below is the configuration of the KMS-enabled SQS queue in Account B:
{
  "Version": "2008-10-17",
  "Id": "__default_policy_ID",
  "Statement": [
    {
      "Sid": "Stmt1599823980845",
      "Effect": "Allow",
      "Principal": {
        "Service": "sns.amazonaws.com"
      },
      "Action": "sqs:*",
      "Resource": "arn:aws:sqs:us-west-2:AccountB:test-SQS",
      "Condition": {
        "ArnEquals": {
          "aws:SourceArn": "arn:aws:sns:us-west-2:AccountA:test-SNS"
        }
      }
    },
    {
      "Sid": "__owner_statement",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::AccountB:root"
      },
      "Action": "SQS:*",
      "Resource": "arn:aws:sqs:us-west-2:AccountB:test-SQS"
    },
    {
      "Sid": "__receiver_statement",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::AccountA:root"
      },
      "Action": [
        "SQS:ChangeMessageVisibility",
        "SQS:DeleteMessage",
        "SQS:ReceiveMessage"
      ],
      "Resource": "arn:aws:sqs:us-west-2:AccountB:test-SQS"
    },
    {
      "Sid": "__receiver_statement_from_lambda",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::AccountA:root"
      },
      "Action": [
        "SQS:ChangeMessageVisibility",
        "SQS:DeleteMessage",
        "SQS:SendMessage",
        "SQS:ReceiveMessage"
      ],
      "Resource": "arn:aws:sqs:us-west-2:AccountB:test-SQS"
    }
  ]
}
The problem is that when I enable the CMK on SQS, messages are not received on the SQS side. Please guide me.
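
The question shows the topic policy and the queue policy but not the policy of the KMS key. As an added example (not part of the original question), the following offline check tests a key policy for the grant AWS documents for a service that delivers to an SSE-KMS encrypted queue: `kms:GenerateDataKey*` and `kms:Decrypt` for the service principal, here `sns.amazonaws.com`. Both sample key policies and all function names are constructed for illustration.

```python
import fnmatch

# Actions AWS documents as required for a service principal that sends to an
# SSE-KMS encrypted SQS queue.
REQUIRED_KMS = ("kms:GenerateDataKey", "kms:Decrypt")
SNS = "sns.amazonaws.com"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _allows_sns(stmt):
    """True if an Allow statement names the SNS service principal.
    Wildcard principals, Deny statements and Conditions are not evaluated."""
    principal = stmt.get("Principal", {})
    if stmt.get("Effect") != "Allow" or not isinstance(principal, dict):
        return False
    return SNS in _as_list(principal.get("Service", []))

def _granted(stmt, action):
    """Match an action against the statement's (possibly wildcarded) actions."""
    return any(fnmatch.fnmatchcase(action.lower(), pat.lower())
               for pat in _as_list(stmt.get("Action", [])))

def missing_kms_actions(key_policy):
    """KMS actions the key policy does not grant to sns.amazonaws.com."""
    stmts = [s for s in _as_list(key_policy["Statement"]) if _allows_sns(s)]
    return [a for a in REQUIRED_KMS if not any(_granted(s, a) for s in stmts)]

# Constructed sample: a key policy that only delegates to the owning account,
# as a newly created customer managed key does by default.
DEFAULT_KEY_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "EnableIAM", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::AccountB:root"},
     "Action": "kms:*", "Resource": "*"}]}

# Constructed sample: the same policy plus a statement for the SNS service.
FIXED_KEY_POLICY = {"Version": "2012-10-17",
                    "Statement": DEFAULT_KEY_POLICY["Statement"] + [
    {"Sid": "AllowSNS", "Effect": "Allow",
     "Principal": {"Service": SNS},
     "Action": ["kms:GenerateDataKey*", "kms:Decrypt"], "Resource": "*"}]}

if __name__ == "__main__":
    print("default key policy is missing:", missing_kms_actions(DEFAULT_KEY_POLICY))
    print("fixed key policy is missing:  ", missing_kms_actions(FIXED_KEY_POLICY))
```

The AWS managed key `alias/aws/sqs` cannot carry such a statement because its key policy is not editable, so the queue has to use a customer managed key for this grant to be possible.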