
Cannot get S3 notification yaml/stack to work

How to solve: cannot get S3 notification yaml/stack to work

Everything in the code below works fine if I run it without the 4 lines starting at NotificationConfiguration. I think this may be because the topic policy needs to exist before the notification is set on the bucket. So I tried doing the initial creation without the NotificationConfiguration lines, then adding them in and updating the stack. But I get the error "Unable to validate the following destination configurations (Service: Amazon S3; Status Code: 400; Error Code: InvalidArgument;". I have tried things like using the actual topic ARN instead of !Ref, but no joy. Thanks!

Resources:
  DeletionSNSTopic:
    Type: AWS::SNS::Topic
    Properties:
       DisplayName: !Join [" ", ["Data has been deleted from", !Sub '${ServiceName}-${Stage}-${AWS::AccountId}']]
       Subscription:
           - Endpoint: !Sub '${DeleteNotifyEmail}'
             Protocol: email
       TopicName: !Sub 'delete-from-${ServiceName}-bucket'

  DataBucket:
    Type: AWS::S3::Bucket
    DependsOn: DeletionSNSTopic
    Description: Create Amazon S3 bucket from CloudFormation
    Properties:
      BucketName: !Sub '${ServiceName}-${Stage}-${AWS::AccountId}' 
      AccessControl: Private
      BucketEncryption: 
        ServerSideEncryptionConfiguration: 
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
      VersioningConfiguration:
        Status: Enabled
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      NotificationConfiguration:
        TopicConfigurations:
          - Topic: !Ref DeletionSNSTopic
            Event: 's3:ObjectRemoved:*'
             
  BucketToSNSPermission:
    Type: AWS::SNS::TopicPolicy
    Properties:
      PolicyDocument:
        Id: 'deletionTopicPolicy'
        Version: '2012-10-17'
        Statement:
        - Sid: 'deletionTopic-statement-id'
          Effect: Allow
          Principal: 
             Service: s3.amazonaws.com
          Action: sns:Publish
          Resource: !Ref DeletionSNSTopic
          Condition: 
             StringEquals: 
                aws:SourceAccount: !Sub '${AWS::AccountId}'
             ArnLike: 
                aws:SourceArn: !Ref DataBucket
      Topics:
      - !Ref DeletionSNSTopic

Solution

Your code has a circular dependency. You create the bucket with the notification before the topic policy is applied. Obviously the policy cannot be created before the bucket, because the bucket must already exist due to !Ref DataBucket.

To get around this, the bucket name must be known in advance, which is possible in your case:

Resources:
  DeletionSNSTopic:
    Type: AWS::SNS::Topic
    Properties:
       DisplayName: !Join [" ", ["Data has been deleted from", !Sub '${ServiceName}-${Stage}-${AWS::AccountId}']]
       Subscription:
           - Endpoint: !Sub '${DeleteNotifyEmail}'
             Protocol: email
       TopicName: !Sub 'delete-from-${ServiceName}-bucket'

  DataBucket:
    Type: AWS::S3::Bucket
    DependsOn: BucketToSNSPermission
    Description: Create Amazon S3 bucket from CloudFormation
    Properties:
      BucketName: !Sub '${ServiceName}-${Stage}-${AWS::AccountId}' 
      AccessControl: Private
      BucketEncryption: 
        ServerSideEncryptionConfiguration: 
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
      VersioningConfiguration:
        Status: Enabled
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      NotificationConfiguration:
        TopicConfigurations:
          - Topic: !Ref DeletionSNSTopic
            Event: 's3:ObjectRemoved:*'
             
  BucketToSNSPermission:
    Type: AWS::SNS::TopicPolicy
    Properties:
      PolicyDocument:
        Id: 'deletionTopicPolicy'
        Version: '2012-10-17'
        Statement:
        - Sid: 'deletionTopic-statement-id'
          Effect: Allow
          Principal: 
             Service: s3.amazonaws.com
          Action: SNS:Publish
          Resource: !Ref DeletionSNSTopic
          Condition: 
             StringEquals: 
                aws:SourceAccount: !Ref AWS::AccountId
             ArnLike: 
                aws:SourceArn: !Sub "arn:aws:s3:::${ServiceName}-${Stage}-${AWS::AccountId}"
      Topics:
      - !Ref DeletionSNSTopic

For the general case, see:
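The ordering problem the answer describes, as an added example (not code from the question, the answer, or AWS): a small Python checker that builds the dependency graph from a JSON-form skeleton of the stack, adds the one constraint CloudFormation itself cannot see (S3 validates the notification destination when the bucket is created, so the bucket needs the TopicPolicy first), and tries to schedule creation. The skeleton, its two variants, and that S3 rule are assumptions made here, reduced to the parts that decide ordering.

```python
import re

def find_refs(node):
    """Logical IDs a value points at: Ref targets and ${Name} / ${Name.Attr} in Fn::Sub (AWS:: pseudo-params dropped)."""
    if isinstance(node, dict) and "Ref" in node:
        found = {node["Ref"]}
    elif isinstance(node, dict) and "Fn::Sub" in node:  # string form only, as in the question
        found = {m.split(".")[0] for m in re.findall(r"\$\{([^}!]+)\}", node["Fn::Sub"])}
    else:
        children = node.values() if isinstance(node, dict) else node if isinstance(node, list) else []
        found = set().union(*map(find_refs, children))
    return {r for r in found if not r.startswith("AWS::")}

def dependency_graph(resources):
    """edges[r] = logical IDs r must wait for: Ref / Fn::Sub / DependsOn, plus the S3 rule (assumed here)."""
    edges = {}
    for rid, res in resources.items():
        props = res.get("Properties", {})
        deps = find_refs(props) & set(resources)
        deps |= set([res["DependsOn"]] if isinstance(res.get("DependsOn"), str) else res.get("DependsOn", []))
        if res["Type"] == "AWS::S3::Bucket" and "NotificationConfiguration" in props:  # S3 validates the target
            topics = find_refs(props["NotificationConfiguration"])
            deps |= {pid for pid, p in resources.items() if p["Type"] == "AWS::SNS::TopicPolicy"
                     and find_refs(p["Properties"].get("Topics", [])) & topics}
        edges[rid] = deps
    return edges

def creation_order(edges):
    """Kahn's algorithm: (order the stack can be created in, resources stuck in or behind a cycle)."""
    remaining, order = dict(edges), []
    while remaining:
        ready = sorted(r for r, deps in remaining.items() if not deps & set(remaining))
        if not ready:
            break
        order += ready
        for r in ready:
            del remaining[r]
    return order, sorted(remaining)

def template(source_arn, bucket_depends_on):
    """Constructed JSON-form skeleton of the asker's stack; only the parts that decide ordering are kept."""
    return {
        "DeletionSNSTopic": {"Type": "AWS::SNS::Topic", "Properties": {}},
        "DataBucket": {"Type": "AWS::S3::Bucket", "DependsOn": bucket_depends_on, "Properties": {
            "NotificationConfiguration": {"TopicConfigurations": [{"Topic": {"Ref": "DeletionSNSTopic"}}]}}},
        "BucketToSNSPermission": {"Type": "AWS::SNS::TopicPolicy", "Properties": {
            "Topics": [{"Ref": "DeletionSNSTopic"}], "PolicyDocument": {"Statement": [
                {"Condition": {"ArnLike": {"aws:SourceArn": source_arn}}}]}}}}

ORIGINAL = template({"Ref": "DataBucket"}, "DeletionSNSTopic")                      # the question's template
FIXED = template({"Fn::Sub": "arn:aws:s3:::${ServiceName}-${Stage}-${AWS::AccountId}"}, "BucketToSNSPermission")
```

With ORIGINAL, DataBucket and BucketToSNSPermission are left waiting on each other (the cycle the answer describes); with FIXED the topic, the policy and then the bucket can be created in that order.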
