HTTPS Endpoint发布跨帐户SNS:如何识别原始帐户?

时间:2019-10-14 19:23:58

标签: publish amazon-sns account

通过其他帐户转发邮件时如何处理?

我希望多个帐户通过同一区域内中央帐户中的单个SNS主题发布其SNS消息。该订阅将是一个HTTPS端点。在原始帐户上,我有几个用于消息发布的服务(例如:Cloudwatch Event,Systems Manager等)。为了以后处理,我想(最好是由AccountId)标识产生消息的原始AWS账户。
通常,SNS json消息看起来为like this。根据文档,我看不到如何确定最终由哪个帐户创建了该消息。您是否知道这将如何工作或是否有示例?

那我该如何实现呢?

Message from Account1 to \
                          SNS-Topic Account-Central -> HTTPS-Endpoint -> Parsing JSON Message (Message comes from Account1 ???)
Message from Account2 to /

1 个答案:

答案 0 :(得分:0)

我能够通过评估sns Message属性本身来解决此问题。在我的特定情况下,我收到了转发的Cloudwatch Events,我想将其映射到原始帐户。我用json解码了message属性,并通过account属性解析了帐户。

示例sns_data:

{
  "Type" : "Notification",
  "MessageId" : "b51e31b6-257b-5e63-bf40-678c64816bb6",
  "TopicArn" : "arn:aws:sns:us-east-1:12345678:mytopic",
  "Message" : "{\"version\":\"0\",\"id\":\"06498297-40cc-8bad-6b7d-20a1142a3162\",\"detail-type\":\"EC2 Instance State-change Notification\",\"source\":\"aws.ec2\",\"account\":\"987654321\",\"time\":\"2019-11-04T15:11:53Z\",\"region\":\"us-east-1\",\"resources\":[\"arn:aws:ec2:us-east-1:987654321:instance/i-XXXXXXXXXXXXXXXX\"],\"detail\":{\"instance-id\":\"i-XXXXXXXXXXXXXXXX\",\"state\":\"running\"}}",
  "Timestamp" : "2019-11-04T15:11:54.002Z",
  "SignatureVersion" : "1",
  "Signature" : "f9dLWFByoErZvtKOWi9f8qk+c2sHH1faltwEi8AeeC76j2kHGJiGbaPh5+XfnECtmRjICHv3shIho02f7lDEvuxrq2tVmL8Je9+eCZhbN1uv3TIxZFfMYIzMTvGEqVaVr2XclFJbqlbb1OpYkvCf64HI6+YHlzT2HFg7O7n3qii4iRQ1Lx8yR6ipneDoM4S5H91J1vZT9jczjXjOStDnApJiAsrULCSrTIUWSrGdd45wwn+Vf4waNhKPKHskodVYXVmKvpdRB1ZZn/dne0Q4y/fWhtyPCPhw0oGiGQax4BxoDgwf60zy8FAIAdWF0LNRM6ZvVaHZOdTsvoJEVQ5Ttg==",
  "SigningCertURL" : "https://sns.us-east-1.amazonaws.com/SimpleNotificationService-6aad65c2f9911b05cd53efda11f913f9.pem",
  "UnsubscribeURL" : "https://sns.us-east-1.amazonaws.com/?Action=Unsubscribe&SubscriptionArn=arn:aws:sns:us-east-1:12345678:mytopic:308e8a6f-0935-4f8b-b1fd-31484d7b0e8e"
}

用于JSON解析和解析帐户的Python3代码:

print(json.loads(json.loads(sns_data)['Message'])['account'])