Amazon Web Services: AWS SNS edit topic policy - C#
I have an SNS service and I'm looking for a way to create this part of the policy using the C# SDK:
This is what I see in the browser console when I set it to "Allow these users to publish messages to this topic" and "Allow these users to subscribe to this topic", since for now it should be open to everyone.
What I did for this:
(1)
Result:
Invalid parameter: Policy Error: null
(2)
In both cases I'm not even sure these commands are correct. Can someone point me in the right direction?
Thanks, everyone
Edit
I have created a statement and, as suggested, added it to the policy and used it in a SetTopicAttributesRequest:
AmazonSimpleNotificationServiceClient snsClient = new AmazonSimpleNotificationServiceClient(bucketRegion);
Policy snsPolicy = new Policy();
snsPolicy.Id = "test_id";
snsPolicy.Statements.Add(statment);
SetTopicAttributesRequest setTopicAttributesRequest = new SetTopicAttributesRequest();
setTopicAttributesRequest.TopicArn = "arn:aws:sns:MYARN";
setTopicAttributesRequest.AttributeName = "Policy";
setTopicAttributesRequest.AttributeValue = snsPolicy.ToJson();
snsClient.SetTopicAttributes(setTopicAttributesRequest);
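But the error "Invalid parameter: Policy Error: null" is the same.
According to the AWS documentation, you should use the Policy object from Amazon.Auth.AccessControlPolicy.
The code below creates the policy object. For this case you only need one statement. It has a resource of bucket + username and the GET and PUT actions. As an added security measure, let's add a condition that locks the GET and PUT requests to the IP address of the desktop client.
See this for more information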
AmazonSimpleNotificationServiceClient snsClient = new AmazonSimpleNotificationServiceClient(bucketRegion);
snsClient.AuthorizeS3ToPublish("arn:aws:sns:MYARN", "MYBUCKET");
List<string> tl = new List<string>();
tl.Add("*");
List<string> tl2 = new List<string>();
tl2.Add("SNS:Subscribe");
tl2.Add("SNS:Receive");
Amazon.SimpleNotificationService.Model.AddPermissionResponse permissionResponse = snsClient.AddPermission("arn:aws:sns:MYARN", "SubscribePolicy", tl, tl2);
Invalid parameter: Policy statement action out of service scope!
using System.Collections.Generic;
using Amazon.Auth.AccessControlPolicy;
using Amazon.Auth.AccessControlPolicy.ActionIdentifiers;

public Policy GeneratePolicy(string bucket, string username, string ipAddress)
{
    var statement = new Statement(Statement.StatementEffect.Allow);
    // Allow access to the sub folder represented by the username in the bucket
    statement.Resources.Add(ResourceFactory.NewS3ObjectResource(bucket, username + "/*"));
    // Allow Get and Put object requests.
    statement.Actions = new List<ActionIdentifier>()
        { S3ActionIdentifiers.GetObject, S3ActionIdentifiers.PutObject };
    // Lock the requests coming from the client machine.
    statement.Conditions.Add(ConditionFactory.NewIpAddressCondition(ipAddress));
    var policy = new Policy();
    policy.Statements.Add(statement);
    return policy;
}
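An added example (not from the original question or answer, and not AWS sample code): a complete SNS topic-policy statement built with the same Amazon.Auth.AccessControlPolicy classes and applied through SetTopicAttributesRequest. The topic ARN, account ID, statement and policy IDs, and the `--apply` switch are constructed placeholders, and granting to one named account rather than "*" is an assumption made here so the topic is not open to everyone.

```csharp
using System;
using Amazon;
using Amazon.Auth.AccessControlPolicy;
using Amazon.Auth.AccessControlPolicy.ActionIdentifiers;
using Amazon.SimpleNotificationService;
using Amazon.SimpleNotificationService.Model;

public static class TopicPolicyExample
{
    // Constructed placeholder values, not taken from the page.
    const string TopicArn = "arn:aws:sns:us-east-1:111122223333:example-topic";
    const string AllowedAccountId = "111122223333";

    // One Allow statement: who (principal), what (SNS actions), on which topic (resource).
    public static Policy BuildTopicPolicy(string topicArn, string accountId)
    {
        var statement = new Statement(Statement.StatementEffect.Allow) { Id = "AllowPublishSubscribe" };
        statement.Principals.Add(new Principal(accountId));    // a single AWS account instead of "*"
        statement.Actions.Add(SNSActionIdentifiers.Publish);   // SNS action identifiers, not S3 ones
        statement.Actions.Add(SNSActionIdentifiers.Subscribe);
        statement.Resources.Add(new Resource(topicArn));       // the topic the policy is attached to

        var policy = new Policy { Id = "example_topic_policy" };
        policy.Statements.Add(statement);
        return policy;
    }

    // Writes the policy to the topic's "Policy" attribute.
    // Assumes the synchronous client API used in the question (.NET Framework build of the SDK).
    public static void ApplyPolicy(AmazonSimpleNotificationServiceClient snsClient, string topicArn, Policy policy)
    {
        snsClient.SetTopicAttributes(new SetTopicAttributesRequest(topicArn, "Policy", policy.ToJson()));
    }

    public static void Main(string[] args)
    {
        Policy policy = BuildTopicPolicy(TopicArn, AllowedAccountId);
        Console.WriteLine(policy.ToJson());   // inspect the JSON before sending it anywhere

        // Only contacts AWS when run with the hypothetical --apply switch.
        if (args.Length > 0 && args[0] == "--apply")
        {
            ApplyPolicy(new AmazonSimpleNotificationServiceClient(RegionEndpoint.USEast1), TopicArn, policy);
        }
    }
}
```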