Answer 0 (score: 1)
I think you need the AWS::SNS::TopicPolicy resource. See this link: AWS::SNS::TopicPolicy
Answer 1 (score: 1)
You can use this - I have removed the default condition that locks it down to your own account
SNSAccessPolicy:
  Type: AWS::SNS::TopicPolicy
  Properties:
    PolicyDocument:
      Id: <Yourtopic>
      Statement:
        - Action:
            # action names are case-insensitive; the duplicated sns:Publish entry was dropped
            - "SNS:GetTopicAttributes"
            - "SNS:SetTopicAttributes"
            - "SNS:AddPermission"
            - "SNS:RemovePermission"
            - "SNS:DeleteTopic"
            - "SNS:Subscribe"
            - "SNS:ListSubscriptionsByTopic"
            - "SNS:Publish"
            - "SNS:Receive"
          Effect: Allow
          Principal:
            # "*" with no Condition block grants these actions to every AWS account
            AWS: "*"
          Resource:
            Ref: <Yourtopic>
    Topics:
      - Ref: <Yourtopic>
Answer 2 (score: 1)
As one of the comments pointed out, you do not want to use AWS:* as the principal, because it grants access to anyone with an AWS account.
To create an SNS topic and restrict access to certain services, or to anyone in your account, use the following example.
The AllowServices SID shows how to add multiple services, while AllowAWS lets anything in the account access it.
---
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
  Email:
    Type: String
    Default: <your name here>
Resources:
  Topic:
    Type: AWS::SNS::Topic
    Properties:
      TopicName: TestTopic
      Subscription:
        - Endpoint: !Ref Email
          Protocol: email
  TopicPolicy:
    Type: AWS::SNS::TopicPolicy
    Properties:
      PolicyDocument:
        Statement:
          - Sid: AllowServices
            Effect: Allow
            Principal:
              Service:
                - events.amazonaws.com
                - cloudwatch.amazonaws.com
            Action: 'sns:Publish'
            Resource:
              - !Ref Topic
          - Sid: AllowAWS
            Effect: Allow
            Principal:
              AWS: !Sub "arn:aws:iam::${AWS::AccountId}:root"
            Action: 'sns:Publish'
            Resource:
              - !Ref Topic
      Topics:
        - !Ref Topic
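As an added check that is not from any of the answers above: the script below reads a topic's resolved policy (the JSON that `aws sns get-topic-attributes` returns in its Policy attribute) and flags every Allow statement that grants to any AWS principal without a Condition narrowing it, which is what the first policy on this page does and the second avoids. The two sample policies and their ARNs are constructed placeholders standing in for the templates above after CloudFormation has resolved the Ref and Sub values.

```python
import json

# Constructed samples (not from the page): the two policies above as CloudFormation would
# resolve them, i.e. what the topic's "Policy" attribute holds. ARNs are placeholders.
TOPIC_ARN = "arn:aws:sns:us-east-1:111122223333:TestTopic"
OPEN_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": ["SNS:Publish", "SNS:Subscribe", "SNS:DeleteTopic"], "Resource": TOPIC_ARN}]})
RESTRICTED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "AllowServices", "Effect": "Allow",
     "Principal": {"Service": ["events.amazonaws.com", "cloudwatch.amazonaws.com"]},
     "Action": "sns:Publish", "Resource": TOPIC_ARN},
    {"Sid": "AllowAWS", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
     "Action": "sns:Publish", "Resource": TOPIC_ARN}]})


def _as_list(value):
    """IAM allows a scalar wherever a list is permitted; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _aws_principals(principal):
    """Return the AWS (account/user/role) principals of a statement.
    A bare "*" or {"AWS": "*"} means every AWS account; Service principals are not counted."""
    if principal == "*":
        return ["*"]
    if isinstance(principal, dict):
        return _as_list(principal.get("AWS"))
    return []


def find_public_statements(policy_json):
    """Return (Sid or index, actions) for each Allow statement that is open to any AWS
    principal and carries no Condition block (e.g. no AWS:SourceOwner restriction)."""
    findings = []
    for idx, stmt in enumerate(_as_list(json.loads(policy_json).get("Statement"))):
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue
        if "*" in _aws_principals(stmt.get("Principal")):
            findings.append((stmt.get("Sid", idx), _as_list(stmt.get("Action"))))
    return findings
```

Run it against `OPEN_POLICY` and the first statement is reported with all three actions; `RESTRICTED_POLICY` yields no findings because its principals are named services and the account root.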