我想使用 CloudWatch 监控某些参数(TotalErrorRate 和延迟),并且当引发 (cloudWatch) 警报时,我想要一个“简单通知服务”(SNS) 向我发送电子邮件:
EscalationTopic:
Type: "AWS::SNS::Topic"
Properties:
DisplayName: My Monitoring
Subscription:
- Endpoint: !Ref EmailForNotification
Protocol: email
EscalationTopicEmailSubscriber:
Type: "AWS::SNS::Subscription"
Properties:
Endpoint: !Ref EmailForNotification
Protocol: email
TopicArn: !Ref EscalationTopic
But I get this error:
User is not authorized to perform: SNS:CreateTopic on resource(Service: AmazonSNS; Status Code: 403; Error Code: AuthorizationError (see screenshot)
我为解决这个问题所做的就是创建一个 topicPolicy:
SNSTopicPolicy:
Type: 'AWS::SNS::TopicPolicy'
Properties:
Topics:
- !Ref EscalationTopic
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action: 'sns:CreateTopic'
Resource: !Ref EscalationTopic
Principal:
AWS: '*'
但问题仍然存在。
编辑: 在SNS控制台中,我可以手动创建一个新主题。这不是应该意味着我获得了createTopic的权限吗?
我在使用 Amazon SES 时遇到了类似的问题。显然我的“AmazonSESFullAccess”权限不够,我通过向我的 IAM 用户添加“AmazonSNSFullAccess”权限解决了这个问题https://console.aws.amazon.com/iam/home#/users/MY_IAM_USER_NAME_GOES_HERE