Amazon web services Cloudwatch自定义事件SQS无法工作


我使用terraform创建队列,同时创建Cloudwatch事件规则,并将其中一个队列设置为规则的目标

总之,我有一个队列,它是3个单独的cloudwatch事件的目标。问题是,尽管cloudwatch事件规则是相同的,但只有一个规则在通过terraform创建时有效,其他规则在控制台中以调用失败告终,没有日志或任何类型的可调试信息。如果自定义事件是从aws控制台创建的,那么所有这些都可以正常工作

在terraform中创建队列 唯一的工作区
我认为您对SQS队列的权限缺失或不正确。假设您正在terraform(问题中未显示)中创建队列 `queue_cron`,那么该队列及其允许CW事件向其发送消息的策略将是:

# Account Terraform is running as; its id is used in the queue policy below to
# grant the queue owner access.
data "aws_caller_identity" "current" {}

# Region of the provider; used below to build the EventBridge rule ARN pattern.
data "aws_region" "current" {}

# The SQS queue that the CloudWatch Events rules deliver to.
resource "aws_sqs_queue" "queue_cron" {
  name   = "queue_cron"
}

# Resource policy for the queue. Without the "AWSEvents_" statement the
# EventBridge service principal has no permission to SendMessage, and the
# rule's invocations fail without any log output - the symptom described in
# the question.
resource "aws_sqs_queue_policy" "test" {

  queue_url = aws_sqs_queue.queue_cron.id

  # Statement "First": full sqs:* access for the owning account (a bare account
  # id as the AWS principal means the account root).
  # Statement "AWSEvents_": lets events.amazonaws.com send to this queue, but
  # only when the call originates from a rule in this account and region
  # (aws:SourceArn). Dropping that Condition would let rules in any AWS account
  # target the queue; replacing "rule/*" with the specific rule ARNs is tighter
  # still.
  policy = <<POLICY
{
  "Version": "2012-10-17",
  "Id": "sqspolicy",
  "Statement": [
    {
      "Sid": "First",
      "Effect": "Allow",
      "Principal": {
        "AWS": "${data.aws_caller_identity.current.account_id}"
      },
      "Action": "sqs:*",
      "Resource": "${aws_sqs_queue.queue_cron.arn}"
    },
    {
      "Sid": "AWSEvents_",
      "Effect": "Allow",
      "Principal": {
        "Service": "events.amazonaws.com"
      },
      "Action": "sqs:SendMessage",
      "Resource": "${aws_sqs_queue.queue_cron.arn}",
      "Condition": {
        "ArnEquals": {
          "aws:SourceArn": "arn:aws:events:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:rule/*"
        }
      }
    }  
  ]
}
POLICY
}
data "aws_caller_identity" "current" {}
data "aws_region" "current" {}
resource "aws_sqs_queue" "queue_cron" {
name = "queue_cron"
}
resource "aws_sqs_queue_policy" "test" {
queue_url = aws_sqs_queue.queue_cron.id

policy = ...

您是否设置了SQS策略来授予CW events发布到SQS的权限?
@Marchin 我已经更新了这个问题,以包括队列的创建,并且我确实没有附加任何特定的策略。我将尝试上面的代码,但是如果策略不正确,它们都不应该起作用。
@JudeFernandes 这是正确的。但由于您没有显示队列创建或其策略,可能的情况是,它是在AWS控制台中创建的,并且只为一个队列设置了策略。
@Marchin 这确实是策略问题,非常感谢。整个infra完全是使用terraform构建的,直到事件失败时,我才尝试通过控制台执行。奇怪的是,其中一个有效,而另一个无效,但它们现在都有效,因为策略已附加。
# Scheduled EventBridge (CloudWatch Events) rule that fires once a minute.
resource "aws_cloudwatch_event_rule" "eve_vendors_bot_sync" {
  name                = "vendors-bot-sync"
  schedule_expression = "rate(1 minute)"
  description         = "Notify cron queue for vendors bot sync"
  is_enabled          = true
}

# Sends a fixed JSON message to the cron queue on every invocation of the rule
# above. The queue ARN comes from a variable, so the queue - and its resource
# policy, which must allow events.amazonaws.com to sqs:SendMessage or the
# invocation fails silently - is presumably managed outside this module; verify.
resource "aws_cloudwatch_event_target" "sqs_cron_vendors_bot_sync" {
  rule      = aws_cloudwatch_event_rule.eve_vendors_bot_sync.name
  arn       = var.queue_cron_arn
  target_id = "sqsCronVendorBotSync"

  # No input_paths are declared, so the message body delivered to the queue is
  # the literal template text below.
  input_transformer {
    input_template = <<EOF
{
   "messageType":"cron",
   "cronType":"vendors-bot-sync"
}
EOF
  }
}
# Scheduled EventBridge (CloudWatch Events) rule that fires once a minute.
resource "aws_cloudwatch_event_rule" "eve_restos_sync" {
  name                = "restos-sync"
  schedule_expression = "rate(1 minute)"
  description         = "Notify cron queue for restos sync"
  is_enabled          = true
}

# Sends a fixed JSON message to the cron queue on every invocation of the rule
# above. The queue ARN is a variable, so the queue and its resource policy
# (which must allow events.amazonaws.com to sqs:SendMessage) live elsewhere;
# verify that policy exists before debugging the rule itself.
resource "aws_cloudwatch_event_target" "sqs_cron_restos_sync" {
  rule      = aws_cloudwatch_event_rule.eve_restos_sync.name
  arn       = var.queue_cron_arn
  target_id = "sqsCronRestosSync"

  # No input_paths are declared, so the message body delivered to the queue is
  # the literal template text below. Note the cronType value differs from the
  # rule name, unlike the other two targets.
  input_transformer {
    input_template = <<EOF
{
   "messageType":"cron",
   "cronType":"restaurant-hours-open-close-management"
}
EOF
  }
}
# Scheduled EventBridge (CloudWatch Events) rule that fires once a minute.
resource "aws_cloudwatch_event_rule" "eve_vendors_orders_sync" {
  name                = "vendors-orders-sync"
  schedule_expression = "rate(1 minute)"
  description         = "Notify cron queue for vendors orders sync"
  is_enabled          = true
}
# Sends a fixed JSON message to the cron queue on every invocation of the rule
# above. The queue ARN is a variable, so the queue and its resource policy
# (which must allow events.amazonaws.com to sqs:SendMessage) live elsewhere.
resource "aws_cloudwatch_event_target" "target_cron_vendors_sync" {
  rule      = aws_cloudwatch_event_rule.eve_vendors_orders_sync.name
  arn       = var.queue_cron_arn
  target_id = "sqsCronVendorsOrderSync"

  # No input_paths are declared, so the message body delivered to the queue is
  # the literal template text below.
  input_transformer {
    input_template = <<EOF
{
   "messageType":"cron",
   "cronType":"vendors-orders-sync"
}
EOF
  }
}
# Queue that receives the cron messages from the EventBridge rules. Messages
# are kept for 30 minutes only, which is ample for a once-a-minute schedule.
resource "aws_sqs_queue" "queue_cron" {
  name                       = "cron"
  visibility_timeout_seconds = 300 # 5 minutes
  delay_seconds              = 0
  message_retention_seconds  = 1800 # 30 minutes
  receive_wait_time_seconds  = 20 # long polling
}

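# Account and region used to scope the queue policy to this account's rules.
# Remove these two declarations if the module already declares them elsewhere.
data "aws_caller_identity" "current" {}

data "aws_region" "current" {}

# Policy document allowing EventBridge (CloudWatch Events) to deliver to the
# cron queue. The statement is limited to sqs:SendMessage on this queue only.
data "aws_iam_policy_document" "policy_sqs" {
  statement {

    sid    = "AWSEvents_"
    effect = "Allow"
    actions = [
      "sqs:SendMessage",
    ]

    principals {
      type        = "Service"
      identifiers = ["events.amazonaws.com"]
    }

    resources = [aws_sqs_queue.queue_cron.arn]

    # Without a source condition, a rule in ANY AWS account could use the
    # EventBridge service principal to deliver into this queue (confused
    # deputy). Restrict to rules in this account and region; replace "rule/*"
    # with the specific rule ARNs if the rules live in the same module.
    condition {
      test     = "ArnEquals"
      variable = "aws:SourceArn"
      values   = ["arn:aws:events:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:rule/*"]
    }

  }
}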

# Attach the policy document above to the queue. Without this attachment the
# rule targets fail without producing any log output.
resource "aws_sqs_queue_policy" "cron_sqs_policy" {

  queue_url = aws_sqs_queue.queue_cron.id
  policy    = data.aws_iam_policy_document.policy_sqs.json

}

# Account Terraform is running as; its id is used in the queue policy below to
# grant the queue owner access.
data "aws_caller_identity" "current" {}

# Region of the provider; used below to build the EventBridge rule ARN pattern.
data "aws_region" "current" {}

# The SQS queue that the CloudWatch Events rules deliver to.
resource "aws_sqs_queue" "queue_cron" {
  name   = "queue_cron"
}

# Resource policy for the queue. Without the "AWSEvents_" statement the
# EventBridge service principal has no permission to SendMessage, and the
# rule's invocations fail without any log output - the symptom described in
# the question.
resource "aws_sqs_queue_policy" "test" {

  queue_url = aws_sqs_queue.queue_cron.id

  # Statement "First": full sqs:* access for the owning account (a bare account
  # id as the AWS principal means the account root).
  # Statement "AWSEvents_": lets events.amazonaws.com send to this queue, but
  # only when the call originates from a rule in this account and region
  # (aws:SourceArn). Dropping that Condition would let rules in any AWS account
  # target the queue; replacing "rule/*" with the specific rule ARNs is tighter
  # still.
  policy = <<POLICY
{
  "Version": "2012-10-17",
  "Id": "sqspolicy",
  "Statement": [
    {
      "Sid": "First",
      "Effect": "Allow",
      "Principal": {
        "AWS": "${data.aws_caller_identity.current.account_id}"
      },
      "Action": "sqs:*",
      "Resource": "${aws_sqs_queue.queue_cron.arn}"
    },
    {
      "Sid": "AWSEvents_",
      "Effect": "Allow",
      "Principal": {
        "Service": "events.amazonaws.com"
      },
      "Action": "sqs:SendMessage",
      "Resource": "${aws_sqs_queue.queue_cron.arn}",
      "Condition": {
        "ArnEquals": {
          "aws:SourceArn": "arn:aws:events:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:rule/*"
        }
      }
    }  
  ]
}
POLICY
}