AWS put-bucket-notification-configuration for SQS throws "Unable to validate the following destination configurations"

Date: 2015-12-29 15:57:27

Tags: amazon-web-services amazon-s3 amazon-sqs

I want to send s3:CreateObject:* events to an SQS queue. But setting the notification configuration results in: A client error (InvalidArgument) occurred when calling the PutBucketNotificationConfiguration operation: Unable to validate the following destination configurations

This is how I create the bucket:

aws s3api create-bucket --profile default --bucket my-bucket --create-bucket-configuration LocationConstraint=eu-west-1

This is how I create the SQS queue:

aws sqs create-queue --profile default --queue-name my-queue --attributes file://attributes.json

using this attributes.json file:

{
  "DelaySeconds":"0",
  "MessageRetentionPeriod":"3600",
  "Policy":"{\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":\"*\",\"Action\":[\"sqs:SendMessage\",\"sqs:ReceiveMessage\"],\"Condition\":{\"ArnLike\": {\"aws:SourceArn\": \"arn:aws:s3:*:*:my-bucket\"}}}]}"
}

Finally, I try to set up the notification, which throws the error message listed above:

aws s3api put-bucket-notification-configuration --profile default --bucket my-bucket --notification-configuration file://notification.json

using this notification.json file:

{
  "TopicConfigurations": [
  ],
  "QueueConfigurations": [
    {
      "QueueArn": "arn:aws:sqs:eu-west-1:123456789012:my-queue",
      "Events": [
        "s3:ObjectCreated:*"
      ],
      "Filter": {
        "Key": {
          "FilterRules": [
            {
              "Name": "prefix",
              "Value": "my-filter"
            }
          ]
        }
      }
    }
  ],
  "LambdaFunctionConfigurations": [
  ]
}

I really have no idea where the error could be. Thanks for your help!

4 Answers:

Answer 0 (score: 1)

Your SQS policy seems to be invalid. Try adding an Id to your policy and a Resource to your statement. Like this:

{
  "DelaySeconds":"0",
  "MessageRetentionPeriod":"3600",
  "Policy":"{\"Id\":\"someid\",\"Statement\":[{\"Effect\":\"Allow\",\"Resource\": \"arn:aws:sqs:eu-west-1:123456789012:my-queue\",\"Principal\":\"*\",\"Action\":[\"sqs:SendMessage\",\"sqs:ReceiveMessage\"],\"Condition\":{\"ArnLike\": {\"aws:SourceArn\": \"arn:aws:s3:*:*:my-bucket\"}}}]}"
}

More information here:

http://docs.aws.amazon.com/AmazonS3/latest/dev/ways-to-add-notification-config-to-bucket.html#step1-create-sqs-queue-for-notification

Also, when calling the API from the command line, you can use the --debug argument. You will see the full error message:

aws --debug s3api ...
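
As an added example (not code from the thread), a stdlib-only script that builds the queue policy shape Answer 0 calls for and lints a candidate policy for the omission S3 rejects (no Resource) plus the tightening a reviewer would ask for. The constructed ORIGINAL_POLICY mirrors the asker's attributes.json; the S3 service principal, the aws:SourceAccount condition and the Id/Sid strings are assumptions beyond what the thread shows.

```python
import json

# Constructed sample: the asker's original queue policy (no Id, no Resource).
ORIGINAL_POLICY = json.loads(
    '{"Statement":[{"Effect":"Allow","Principal":"*",'
    '"Action":["sqs:SendMessage","sqs:ReceiveMessage"],'
    '"Condition":{"ArnLike":{"aws:SourceArn":"arn:aws:s3:*:*:my-bucket"}}}]}'
)

def s3_notification_queue_policy(queue_arn, bucket_name, account_id):
    # Least-privilege policy for S3 event delivery; service principal and
    # aws:SourceAccount follow AWS guidance (assumption), Id/Sid are placeholders.
    return {
        "Version": "2012-10-17",
        "Id": "s3-notification-policy",
        "Statement": [{
            "Sid": "AllowS3ToSendToQueue",
            "Effect": "Allow",
            "Principal": {"Service": "s3.amazonaws.com"},
            "Action": "sqs:SendMessage",
            "Resource": queue_arn,  # the field the asker's policy lacked
            "Condition": {
                "ArnLike": {"aws:SourceArn": "arn:aws:s3:*:*:" + bucket_name},
                "StringEquals": {"aws:SourceAccount": account_id},
            },
        }],
    }

def lint_queue_policy(policy):
    # Flag what S3 rejects (no Resource) and what a reviewer would tighten.
    findings = []
    for n, stmt in enumerate(policy.get("Statement", [])):
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if not any(a.lower() == "sqs:sendmessage" for a in actions):
            continue  # only statements that let S3 deliver are relevant
        cond = stmt.get("Condition", {})
        keys = {k for blk in cond.values() if isinstance(blk, dict) for k in blk}
        if "Resource" not in stmt:
            findings.append(f"statement {n}: no Resource, S3 cannot validate the destination")
        if stmt.get("Principal") in ("*", {"AWS": "*"}) and not cond:
            findings.append(f"statement {n}: Principal * without a Condition lets anyone send")
        extra = [a for a in actions if a.lower() != "sqs:sendmessage"]
        if extra:
            findings.append(f"statement {n}: S3 only needs sqs:SendMessage, drop {extra}")
        if "aws:SourceAccount" not in keys:
            findings.append(f"statement {n}: add aws:SourceAccount so a same-named bucket "
                            "re-created in another account cannot send")
    return findings
```

Running lint_queue_policy over a queue's current Policy attribute before calling put-bucket-notification-configuration turns the opaque "Unable to validate" error into a concrete list of what to fix.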

Answer 1 (score: 0)

I have a working script. I'm posting it here in case someone else gets confused by this :-)

#!/usr/bin/env python

import json

import boto3
import botocore.exceptions  # needed for the ClientError handler below

bucket_name = 'spike-bucket-000'
queue_name = 'spike_queue_000'
region = 'eu-west-1'

s3 = boto3.client('s3', region)
sqs = boto3.client('sqs', region)


def check_if_bucket_exists(name):
    # head_bucket raises ClientError when the bucket does not exist (404)
    # or belongs to another account (403)
    s3.head_bucket(Bucket=name)


try:
    check_if_bucket_exists(bucket_name)
    print('Bucket {} exists'.format(bucket_name))
except botocore.exceptions.ClientError:
    print('Creating bucket {}'.format(bucket_name))
    s3.create_bucket(Bucket=bucket_name, CreateBucketConfiguration={'LocationConstraint': region})

print('Ensuring queue {} exists'.format(queue_name))

# create_queue returns the existing queue's URL if it already exists with the same attributes
response = sqs.create_queue(QueueName=queue_name)
queue_url = response['QueueUrl']
response = sqs.get_queue_attributes(QueueUrl=queue_url, AttributeNames=['QueueArn'])
queue_arn = response['Attributes']['QueueArn']

print('Granting bucket permission to post messages to queue')

# The policy must name the queue in Resource and restrict the sender to this
# bucket via aws:SourceArn; without Resource S3 cannot validate the destination.
queue_policy = {
    "Version": "2008-10-17",
    "Id": "example-ID",
    "Statement": [
        {
            "Sid": "example-statement-ID",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": [
                "SQS:SendMessage"
            ],
            "Resource": queue_arn,
            "Condition": {
                "ArnLike": {
                    "aws:SourceArn": "arn:aws:s3:*:*:" + bucket_name
                }
            }
        }
    ]
}

sqs.set_queue_attributes(QueueUrl=queue_url, Attributes={'Policy': json.dumps(queue_policy)})

print('Configuring bucket to notify object creation to queue')

response = s3.put_bucket_notification_configuration(
    Bucket=bucket_name,
    NotificationConfiguration={
        'QueueConfigurations': [
            {
                'Id': 'Notify-ObjectCreated-To-Queue',
                'QueueArn': queue_arn,
                'Events': [
                    's3:ObjectCreated:*',
                ],
                # Optional key filter; 'Name' is either 'prefix' or 'suffix':
                # 'Filter': {
                #     'Key': {
                #         'FilterRules': [
                #             {'Name': 'prefix', 'Value': 'string'},
                #         ]
                #     }
                # },
            },
        ]
    }
)

Answer 2 (score: 0)

You need the corresponding Lambda:Invoke permission; make sure the Lambda has permission on the bucket (it breaks if certain Invoke:Permissions are granted to the bucket and key).

Answer 3 (score: 0)

Thanks to Lubo Sach's answer, I got it working with this policy on the SQS queue:

{
  "Version": "2008-10-17",
  "Id": "27097a52-cae3-49fe-84ce-0020893e394c",
  "Statement": [
    {
      "Sid": "__owner_statement",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::9970XXXX4660:root"
      },
      "Action": "SQS:*",
      "Resource": "arn:aws:sqs:us-east-1:9970XXXX4660:bucketname"
    },
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": [
        "sqs:SendMessage",
        "sqs:ReceiveMessage"
      ],
      "Resource": "arn:aws:sqs:us-east-1:9970XXXX4660:bucketname",
      "Condition": {
        "ArnLike": {
          "aws:SourceArn": "arn:aws:s3:*:*:bucketname"
        }
      }
    }
  ]
}