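I have set up an alarm to notify me if my Lambda function's memory usage exceeds 80% of the Lambda memory size. I am capturing the data points with a custom metric, and I can see the alarm in the CloudWatch console when memory usage exceeds the threshold. But when the alarm takes its action to send the notification to the corresponding SNS topic, it fails with this message: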
{
  "actionState": "Failed",
  "stateUpdateTimestamp": 1558142246126,
  "notificationResource": "arn:aws:sns:us-east-1:5847563209:<myTopic>",
  "publishedMessage": null,
  "error": "null (Service: AWSKMS; Status Code: 400; Error Code: AccessDeniedException; Request ID: 6b7806a6-2c16-4582-9ecd-05100161746e)"
}
The SNS topic is encrypted with a KMS key, and I have allowed CloudWatch to access the key in the key policy:
{
  "Sid": "Allow CloudWatch to use the key",
  "Effect": "Allow",
  "Principal": {
    "Service": "cloudwatch.amazonaws.com"
  },
  "Action": [
    "kms:GenerateDataKey",
    "kms:Decrypt"
  ],
  "Resource": "*"
}
But the action still fails. I also tried events.amazonaws.com as the principal, but no luck. I would appreciate any help with this.
Answer 0: (score: 0)
It looks like this is not supported yet. From here: https://aws.amazon.com/blogs/compute/encrypting-messages-published-to-amazon-sns-with-aws-kms/
As of November 2018, Amazon CloudWatch alarms do not yet work with Amazon SNS encrypted topics.
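
A triage sketch for the failure in this thread, added here as an example and not code from the question or the answer: it pulls the failing service and error code out of an alarm-history action record, then checks whether a key policy grants the two KMS actions from the question to a given service principal. The sample record, account ID, topic name and helper names are constructed for illustration.

```python
import json
import re
from fnmatch import fnmatchcase

# Constructed sample shaped like the alarm-history record in the question.
HISTORY = json.dumps({
    "actionState": "Failed",
    "notificationResource": "arn:aws:sns:us-east-1:111122223333:example-topic",
    "publishedMessage": None,
    "error": "null (Service: AWSKMS; Status Code: 400; Error Code: "
             "AccessDeniedException; Request ID: 00000000-0000-0000-0000-000000000000)",
})
# Constructed key policy holding the statement from the question.
POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "Allow CloudWatch to use the key", "Effect": "Allow",
    "Principal": {"Service": "cloudwatch.amazonaws.com"},
    "Action": ["kms:GenerateDataKey", "kms:Decrypt"], "Resource": "*"}]}
NEEDED = ("kms:GenerateDataKey", "kms:Decrypt")

def as_list(value):
    return [] if value is None else value if isinstance(value, list) else [value]

def parse_failure(record_json):
    """Fields of a failed action's error string as a dict; None if not failed."""
    record = json.loads(record_json)
    if record.get("actionState") != "Failed":
        return None
    match = re.search(r"\((.*)\)", record.get("error") or "")
    parts = match.group(1).split(";") if match else []
    return dict(p.strip().split(": ", 1) for p in parts if ": " in p)

def granted_actions(policy, service, needed=NEEDED):
    """Needed actions an Allow grants to `service` and no Deny takes away.
    Simplification: Condition, NotAction and NotPrincipal are not evaluated;
    only Principal.Service and a bare "*" principal are matched."""
    found = {"Allow": set(), "Deny": set()}
    for stmt in as_list(policy.get("Statement")):
        principal = stmt.get("Principal")
        names = as_list(principal.get("Service")) if isinstance(principal, dict) else as_list(principal)
        if service not in names and "*" not in names:
            continue
        for action in needed:
            if any(fnmatchcase(action.lower(), pat.lower()) for pat in as_list(stmt.get("Action"))):
                found.setdefault(stmt.get("Effect"), set()).add(action)
    return sorted(found["Allow"] - found["Deny"])

if __name__ == "__main__":
    print(parse_failure(HISTORY))
    for svc in ("cloudwatch.amazonaws.com", "events.amazonaws.com"):
        print(svc, granted_actions(POLICY, svc))
```

If the check reports both actions as granted and the record still shows an AWSKMS AccessDeniedException, the key policy statement is in place and the cause lies elsewhere.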