设置SQS权限,为什么不应用主体?

时间:2015-08-19 21:01:32

标签: amazon-web-services amazon-sqs

我在policy的现有队列上调用setQueueAttributes,其中my-topic如下所示,旨在允许主题SendMessage在队列上my-queue principal }。除None仍为Everybody (*)而非principal外,该政策已成功应用。为什么{ "Version":"2012-10-17", "Id":"d46625b6-b24e-4343-9f4e-773299fc7c56", "Statement": { "Sid":"SNStoSQS", "Effect":"Allow", "Principal":"*", "Action":"sqs:SendMessage", "Resource":"arn:aws:sqs:us-east-1:111111111111:my-queue", "Condition": { "ArnEquals": { "aws:SourceArn":"arn:aws:sns:us-east-1:609131769936:my-topic" } } } } 没有被应用?

<!DOCTYPE html>
<html><head>
    <title>Error</title>
</head>
<body>
    <h2>
        Sorry, an error occurred while processing your request.
    </h2>

</body></html>

1 个答案:

答案 0 :(得分:1)

通过管理控制台将Amazon SQS队列订阅到Amazon SNS主题时,将自动生成以下策略:

{
  "Version": "2012-10-17",
  "Id": "arn:aws:sqs:ap-southeast-2:111111111111:my-queue/SQSDefaultPolicy",
  "Statement": [
    {
      "Sid": "Sid1111",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "SQS:SendMessage",
      "Resource": "arn:aws:sqs:ap-southeast-2:111111111111:my-queue",
      "Condition": {
        "ArnEquals": {
          "aws:SourceArn": "arn:aws:sns:ap-southeast-2:111111111111:my-topic"
        }
      }
    }
  ]
}

看起来Principal字段的格式略有不同。

相关问题
最新问题