放置S3通知配置时出错

时间:2019-01-14 14:36:05

标签: amazon-web-services amazon-s3 terraform amazon-sqs

当我尝试创建aws_s3_bucket_notification时,出现以下Terrerform异常:aws_s3_bucket_notification.input_notification: Error putting S3 notification configuration: InvalidArgument: Unable to validate the following destination configurations status code: 400, request id: 4E17F794B9BC67C9, host id: QmeEFS+T1cvr1xFEMmAlqBKxzX1Fg+qOpwJFXDl4sR1hVcHa4swLN87BiPI8BToGuNQ3oYD0pYk=据我所知,我遵循了以下terraform文档中概述的规格:https://www.terraform.io/docs/providers/aws/r/s3_bucket_notification.html 有人遇到过这个问题吗?

resource "aws_sqs_queue" "sqs_queue" {
  name = "${var.env}-${var.subenv}-${var.appname}"
  delay_seconds = 5
  max_message_size = 262144
  message_retention_seconds = 86400
  receive_wait_time_seconds = 10
  visibility_timeout_seconds = 90
  redrive_policy = "{\"deadLetterTargetArn\":\"${aws_sqs_queue.sqs_dlq.arn}\",\"maxReceiveCount\":${var.sqs_max_receive_count}}"

  policy = <<POLICY
  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Principal": "*",
        "Action": "sqs:SendMessage",
        "Resource": "arn:aws:sqs:*:*:s3-event-notification-queue",
        "Condition": {
          "ArnEquals": { "aws:SourceArn": "${aws_s3_bucket.input.arn}" }
        }
      }
    ]
  }
  POLICY
}


resource "aws_s3_bucket" "input" {
  bucket = "${var.env}-${var.subenv}-${var.appname}-input"
}

resource "aws_s3_bucket_notification" "input_notification" {
    depends_on = [
        "aws_s3_bucket.input",
        "aws_sqs_queue.sqs_queue"
  ]

  bucket = "${aws_s3_bucket.input.id}"

  queue {
    queue_arn     = "${aws_sqs_queue.sqs_queue.arn}"
    events        = ["s3:ObjectCreated:*"]
    filter_suffix = ".gz"
  }
}

1 个答案:

答案 0 :(得分:0)

SQS政策有误,应如下所示:

resource "aws_sqs_queue" "sqs_queue" {
  name = "${var.env}-${var.subenv}-${var.appname}"
  delay_seconds = 5
  max_message_size = 262144
  message_retention_seconds = 86400
  receive_wait_time_seconds = 10
  visibility_timeout_seconds = 90
  redrive_policy = "{\"deadLetterTargetArn\":\"${aws_sqs_queue.sqs_dlq.arn}\",\"maxReceiveCount\":${var.sqs_max_receive_count}}"

  policy = <<POLICY
  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Principal": "*",
        "Action": "sqs:SendMessage",
        "Resource": "arn:aws:sqs:*:*:${var.env}-${var.subenv}-${var.appname}",
        "Condition": {
          "ArnEquals": { "aws:SourceArn": "${aws_s3_bucket.input.arn}" }
        }
      }
    ]
  }
  POLICY
}