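I am trying to use the AWS SDK (Java) to create an SNS platform application and enable the delivery status feature for it. As a first step, I create the necessary roles "SNSSuccessFeedback" and "SNSFailureFeedback". Sample code (Groovy):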
AmazonIdentityManagementClient aimClient = getAimClient(/*credentials*/)
// create "SNSSuccessFeedback" role:
aimClient.createRole(new CreateRoleRequest().withRoleName("SNSSuccessFeedback")
.withAssumeRolePolicyDocument('{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"Service":"sns.amazonaws.com"},"Action":"sts:AssumeRole"}]}'))
aimClient.putRolePolicy(new PutRolePolicyRequest().withRoleName("SNSSuccessFeedback")
.withPolicyName("oneClick_SNSSuccessFeedback_1234567890")
.withPolicyDocument('{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["logs:CreateLogGroup","logs:CreateLogStream","logs:PutLogEvents","logs:PutMetricFilter","logs:PutRetentionPolicy"],"Resource":["*"]}]}'))
// the same code for "SNSFailureFeedback" role
// get ARN for both "SNSSuccessFeedback" and "SNSFailureFeedback"
// create platform application:
AmazonSNSClient snsClient = getSnsClient(/*credentials*/)
snsClient.createPlatformApplication(new CreatePlatformApplicationRequest()
.withName("myapp")
.withPlatform("APNS")
.withAttributes([PlatformPrincipal: "certificate", PlatformCredential: "key",
SuccessFeedbackRoleArn: successRoleArn, FailureFeedbackRoleArn: failureRoleArn,
SuccessFeedbackSampleRate: "100"]))
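But for some reason I get the error:
Invalid parameter: Attributes Reason: Invalid value for attribute: FailureFeedbackRoleArn: arn:aws:iam::1234567890:role/SNSFailureFeedback is not a valid role to allow SNS to write to Cloudwatch Logs (Service: AmazonSNS; Status Code: 400; Error Code: InvalidParameter; Request ID: c1dbd591-f044-584a-bbac-85fa9a0cbe8d)
If I just add a delay (for example Thread.sleep(5000)) after the roles are created and before the platform application is created, the platform application is created successfully without errors.
So what is the correct way to create the roles and the platform application with delivery status enabled?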
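Answer 0: (score: 2)
When you create the role, you are experiencing eventual consistency. The time delay allows time for the role to become "visible" to the next API request. Rather than an arbitrary time delay, you can enumerate the IAM roles to see whether the role you need is "visible".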
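An added example, not part of the original question or answer: one way to replace the fixed sleep with bounded polling, using the AWS SDK for Java v1 classes the question already relies on. The helper names (withBackoff, waitForRoleArn, createAppWhenRolesUsable) and the retry limits are assumptions made for illustration. The second retry is there because a role that IAM already returns can still be rejected by SNS for a short time while the change propagates.

```groovy
import com.amazonaws.services.identitymanagement.AmazonIdentityManagement
import com.amazonaws.services.identitymanagement.model.GetRoleRequest
import com.amazonaws.services.identitymanagement.model.NoSuchEntityException
import com.amazonaws.services.sns.AmazonSNS
import com.amazonaws.services.sns.model.CreatePlatformApplicationRequest
import com.amazonaws.services.sns.model.InvalidParameterException

// Hypothetical helper: run `call`, retrying with capped exponential backoff
// while `retryable(e)` is true; rethrows once attempts are exhausted.
def withBackoff(int maxAttempts, long firstDelayMs, Closure retryable, Closure call) {
    long delay = firstDelayMs
    int attempt = 1
    while (true) {
        try {
            return call()
        } catch (Exception e) {
            if (attempt >= maxAttempts || !retryable(e)) throw e
            Thread.sleep(delay)
            delay = Math.min(delay * 2, 8000L)
            attempt++
        }
    }
}

// Hypothetical helper: poll IAM until the new role is readable, then return its ARN.
String waitForRoleArn(AmazonIdentityManagement iam, String roleName) {
    withBackoff(6, 500L, { it instanceof NoSuchEntityException }) {
        iam.getRole(new GetRoleRequest().withRoleName(roleName)).role.arn
    }
}

// Hypothetical helper: retry only the "not a valid role" rejection shown in the
// question; any other InvalidParameter error is rethrown immediately.
String createAppWhenRolesUsable(AmazonSNS sns, CreatePlatformApplicationRequest request) {
    withBackoff(6, 500L, {
        it instanceof InvalidParameterException && it.message?.contains('FeedbackRoleArn')
    }) {
        sns.createPlatformApplication(request).platformApplicationArn
    }
}

// Usage with the question's clients (aimClient, snsClient) and request object:
//   def successRoleArn = waitForRoleArn(aimClient, "SNSSuccessFeedback")
//   def failureRoleArn = waitForRoleArn(aimClient, "SNSFailureFeedback")
//   def appArn = createAppWhenRolesUsable(snsClient, request)
```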