How to use CloudFormation to trigger a CloudWatch Events rule that forwards logs to an SQS queue

Time: 2017-12-15 19:52:22

Tags: amazon-cloudformation amazon-sqs amazon-cloudwatch

I have the following CloudFormation template that creates a CloudWatch Events rule, an SQS queue and an SQS QueuePolicy, so that CloudWatch can forward logs to the SQS queue whenever an S3 object is updated.

However, after the template completes successfully, I do not see any logs in the SQS queue unless I go (via the AWS console) to "CloudWatch" -> select my event -> click through to step 2 "Event details", "Add permission to the SQS queue" -> update the event.

I think the missing piece may be that I need a "RoleArn" in the event Target to grant the permission. However, AWS::SQS::QueuePolicy does not return an ARN. How do I do this with CloudFormation?

Thanks!

{
"AWSTemplateFormatVersion": "2010-09-09",
"Resources": {
    "LucyQueue": {
        "Type": "AWS::SQS::Queue",
        "Properties": {
            "QueueName": "LucySQS"
        }
    },
    "LucyQueuePolicy": {
        "Type": "AWS::SQS::QueuePolicy",
        "Properties": {
            "PolicyDocument": {
                "Version": "2012-10-17",
                "Id": "arn:aws:sqs:ca-central-1:805182230944:LucySQS/SQSDefaultPolicy",
                "Statement": [
                    {
                        "Sid": "Sid1513273009724",
                        "Effect": "Allow",
                        "Principal": "*",
                        "Action": "SQS:SendMessage",
                        "Resource": {
                            "Ref": "LucyQueue"
                        },
                        "Condition": {
                            "ArnEquals": {
                                "aws:SourceArn": {
                                    "Fn::GetAtt": [
                                        "LucyEventRule",
                                        "Arn"
                                    ]
                                }
                            }
                        }
                    }
                ]
            },
            "Queues": [
                {
                    "Ref": "LucyQueue"
                }
            ]
        }
    },

    "LucyEventRule": {
        "Type": "AWS::Events::Rule",
        "Properties": {
            "Description": "LucyEventRule",
            "EventPattern": {
                "source": [
                    "aws.s3"
                ],
                "detail-type": [
                    "AWS API Call via CloudTrail"
                ],
                "detail": {
                    "eventSource": [
                        "s3.amazonaws.com"
                    ],
                    "eventName": [
                        "PutObject",
                        "UploadPart",
                        "CreateMultipartUpload"
                    ]
                }
            },
            "State": "ENABLED",
            "Targets": [
                {
                    "Arn": {
                        "Fn::GetAtt": [
                            "LucyQueue",
                            "Arn"
                        ]
                    },
                    "Id": "lucy_event1",
                    ***"RoleArn" : "Do i need this ? if yes, How to get the Arn"***
                }
            ]
        }
    }

}

}

1 answer:

Answer 0 (score: 1)

I found the problem was that I had put the wrong resource ID in the QueuePolicy.

Working template:

{
"AWSTemplateFormatVersion": "2010-09-09",
"Resources": {
    "LucyQueue": {
        "Type": "AWS::SQS::Queue",
        "Properties": {
            "QueueName": "LucySQS"
        }
    },
    "LucyQueuePolicy": {
        "DependsOn": [
            "LucyQueue",
            "LucyEventRule"
        ],
        "Type": "AWS::SQS::QueuePolicy",
        "Properties": {
            "PolicyDocument": {
                "Version": "2012-10-17",
                "Id": "LucyQueuePolicy",
                "Statement": [
                    {
                        "Sid": "AWS_Lucy_event",
                        "Effect": "Allow",
                        "Principal": {
                            "AWS": "*"
                        },
                        "Action": "sqs:SendMessage",
                        "Resource": {
                            "Fn::GetAtt": [
                                "LucyQueue",
                                "Arn"
                            ]
                        },
                        "Condition": {
                            "ArnEquals": {
                                "aws:SourceArn": {
                                    "Fn::GetAtt": [
                                        "LucyEventRule",
                                        "Arn"
                                    ]
                                }
                            }
                        }
                    }
                ]
            },
            "Queues": [
                {
                    "Ref": "LucyQueue"
                }
            ]
        }
    },
    "LucyEventRule": {
        "Type": "AWS::Events::Rule",
        "Properties": {
            "Description": "LucyEventRule",
            "EventPattern": {
                "source": [
                    "aws.s3"
                ],
                "detail-type": [
                    "AWS API Call via CloudTrail"
                ],
                "detail": {
                    "eventSource": [
                        "s3.amazonaws.com"
                    ],
                    "eventName": [
                        "PutObject",
                        "UploadPart",
                        "CreateMultipartUpload"
                    ]
                }
            },
            "State": "ENABLED",
            "Targets": [
                {
                    "Arn": {
                        "Fn::GetAtt": [
                            "LucyQueue",
                            "Arn"
                        ]
                    },
                    "Id": "lucy_event1"
                }
            ]
        }
    }
}

}
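The root cause in the answer is that `Ref` on an `AWS::SQS::Queue` yields the queue URL, while a policy `Resource` must be the queue ARN (`Fn::GetAtt [LucyQueue, Arn]`). The following is an added example, not code from the thread: a small template check that flags this class of mistake in any `AWS::SQS::QueuePolicy`, also flags a wildcard principal with no `Condition`, and rewrites `Ref`-valued resources to `Fn::GetAtt`. The `BROKEN` template is a constructed, trimmed-down version of the question's policy.

```python
import copy

# Constructed test input (trimmed from the question's template): the policy
# Resource is {"Ref": "LucyQueue"}, which resolves to the queue URL, not the ARN.
BROKEN = {"Resources": {
    "LucyQueue": {"Type": "AWS::SQS::Queue"},
    "LucyEventRule": {"Type": "AWS::Events::Rule"},
    "LucyQueuePolicy": {"Type": "AWS::SQS::QueuePolicy", "Properties": {
        "PolicyDocument": {"Statement": [{
            "Effect": "Allow", "Principal": "*", "Action": "SQS:SendMessage",
            "Resource": {"Ref": "LucyQueue"},
            "Condition": {"ArnEquals": {"aws:SourceArn":
                {"Fn::GetAtt": ["LucyEventRule", "Arn"]}}}}]},
        "Queues": [{"Ref": "LucyQueue"}]}}}}


def _statements(template):
    """Yield (resource name, index, statement) for every SQS queue policy."""
    for name, res in template["Resources"].items():
        if res.get("Type") == "AWS::SQS::QueuePolicy":
            doc = res["Properties"]["PolicyDocument"]
            for i, stmt in enumerate(doc.get("Statement", [])):
                yield name, i, stmt


def check_queue_policies(template):
    """Return findings: Resource given by Ref, or Principal * with no Condition."""
    findings = []
    for name, i, stmt in _statements(template):
        where = f"{name}.Statement[{i}]"
        res = stmt.get("Resource", [])
        for r in res if isinstance(res, list) else [res]:
            if isinstance(r, dict) and "Ref" in r:
                findings.append(f"{where}: Resource is Ref {r['Ref']} (queue URL); "
                                f"use Fn::GetAtt [{r['Ref']}, Arn]")
        p = stmt.get("Principal")
        if p in ("*", {"AWS": "*"}) and "Condition" not in stmt:
            findings.append(f"{where}: Principal * with no aws:SourceArn Condition")
    return findings


def fix_queue_policies(template):
    """Return a copy where each single Ref-valued Resource becomes Fn::GetAtt Arn."""
    fixed = copy.deepcopy(template)
    for _, _, stmt in _statements(fixed):
        r = stmt.get("Resource")
        if isinstance(r, dict) and "Ref" in r:
            stmt["Resource"] = {"Fn::GetAtt": [r["Ref"], "Arn"]}
    return fixed
```

Run `check_queue_policies` on a parsed template before `aws cloudformation deploy`; the single finding on `BROKEN` disappears after `fix_queue_policies`.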