Warning: file_get_contents(/data/phpspider/zhask/data//catemap/1/amazon-web-services/13.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Amazon web services 允许帐户中的任何AWS资源发布到SQS队列_Amazon Web Services_Amazon Sqs - Fatal编程技术网
Fatal编程技术网

Amazon web services 允许帐户中的任何AWS资源发布到SQS队列

amazon-web-services

Amazon web services 允许帐户中的任何AWS资源发布到SQS队列,amazon-web-services,amazon-sqs,Amazon Web Services,Amazon Sqs,,此策略允许任何S3 bucket向SNS主题发送通知: { "Version":"2012-10-17", "Id":"MyAWSPolicy", "Statement" :[ { "Sid":"My-statement-id", "Effect":"Allow", "Principal" :"*", "Action":"sns:Publish",

,此策略允许任何S3 bucket向SNS主题发送通知:

{
    "Version":"2012-10-17",
    "Id":"MyAWSPolicy",
    "Statement" :[
        {
            "Sid":"My-statement-id",
            "Effect":"Allow",
            "Principal" :"*",
            "Action":"sns:Publish",
            "Resource":"arn:aws:sns:us-east-1:111122223333:My-Topic",
            "Condition":{
               "StringEquals":{
                  "AWS:SourceAccount":"444455556666"
                }
            }
        }
    ]
}
我想对SQS队列而不是SNS主题执行同样的操作。此策略不起作用:

{
    "Version":"2012-10-17",
    "Id":"MyAWSPolicy",
    "Statement" :[
        {
            "Sid":"My-statement-id",
            "Effect":"Allow",
            "Principal" :"*",
            "Action":"sqs:SendMessage",
            "Resource":"arn:aws:sns:us-east-1:111122223333:My-Queue",
            "Condition":{
               "ArnLike":{
                  "aws:SourceArn":"arn:aws:s3:*:111122223333:*"
                }
            }
        }
    ]
}
这(允许世界上的每个AWS帐户)起作用:

但当我试图用校长来限制它时,它又不起作用了:

{
    "Version":"2012-10-17",
    "Id":"MyAWSPolicy",
    "Statement" :[
        {
            "Sid":"My-statement-id",
            "Effect":"Allow",
            "Principal" :"111122223333",
            "Action":"sqs:SendMessage",
            "Resource":"arn:aws:sns:us-east-1:111122223333:My-Queue",
            "Condition":{
               "ArnLike":{
                  "aws:SourceArn":"arn:aws:s3:*:*:*"
                }
            }
        }
    ]
}
“不工作”是指策略被接受为有效,但当我尝试配置S3 bucket以发送通知(NotificationConfiguration)时,会出现以下错误:

Unable to validate the following destination configurations : Permissions on the destination queue do not allow S3 to publish notifications from this bucket
负责人是将文件上载到S3的用户吗?我不认为这将成为AWS向SNS发送S3通知的主要方式。你到底想完成什么?您是否试图限制一个bucket向SNS主题发送通知?或者你试图限制一个bucket的一个用户触发SNS主题的通知吗?我试图使SQS可以从S3中上传的任何内容写入,因为只有为此AWS帐户创建的AWS IAM用户才能上传文件。除了避免来自其他帐户的通知之外,我对限制访问不感兴趣。 
Unable to validate the following destination configurations : Permissions on the destination queue do not allow S3 to publish notifications from this bucket