我試圖啓用一個SNS主題使用.NET客戶端發送信息給定的SQS隊列:無法給SNS話題權限對SQS隊列編程
var policy = new Policy()
{
Statements = new List<Statement>() {
new Statement(Statement.StatementEffect.Allow) {
Principals = new List<Principal>() { Principal.AllUsers },
Actions = new List<ActionIdentifier>() { SQSActionIdentifiers.SendMessage },
Conditions = new List<Condition>
{
ConditionFactory.NewCondition(ConditionFactory.ArnComparisonType.ArnEquals, "aws:SourceArn", topicArn)
}
}
}
};
var request = new SetQueueAttributesRequest()
{
QueueUrl = queueUrl,
Attributes = new Dictionary<string, string>
{
{ QueueAttributeName.Policy, policy.ToJson()}
}
};
sqs.SetQueueAttributes(request);
這會生成不工作的策略:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "<sid>",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "sqs:SendMessage",
"Condition": {
"ArnEquals": {
"aws:SourceArn": "arn:aws:sns:us-west-2:<id>:testTopic2"
}
}
}
]
}
但是如果我刪除此政策,並手動添加它,它的工作原理,以及它看起來幾乎相同,但存在一些不同:
{
"Version": "2012-10-17",
"Id": "arn:aws:sqs:us-west-2:<id>:testQueue2/SQSDefaultPolicy",
"Statement": [
{
"Sid": "<sid2>",
"Effect": "Allow",
"Principal": "*",
"Action": "SQS:SendMessage",
"Resource": "arn:aws:sqs:us-west-2:<id>:testQueue2",
"Condition": {
"ArnEquals": {
"aws:SourceArn": "arn:aws:sns:us-west-2:<id>:testTopic2"
}
}
}
]
}
編程式的:
- 缺少
Id
。 - 說
"Principal" : "{ AWS: "*"}
而不是"Principal" : "*"
。
我試圖將Id和主體設置爲自定義,但我只獲取HTTP 400。
這將是正確的方式給予SNS主題權限發送消息到SQS隊列使用.NET客戶端?
這不是很明顯?您忘記了在代碼中生成資源。即「資源」:「arn:aws:sqs:us-west-2::testQueue2」「 –
mootmoot
:)我用 –
vtortola