如何在代码中创建 AWS SNS 主题 (iOS Mobile Hub SDK)
How to create AWS SNS Topic in code (iOS Mobile Hub SDK)
我想在代码中动态创建 Amazon SNS 主题。我正在为 iOS.
使用 AWS Mobile Hub SDK
当我尝试创建主题时
…
AWSSNSCreateTopicInput* input = [AWSSNSCreateTopicInput new];
NSString* name = @"topic_name";
[input setName:name];
[[[[AWSSNS defaultSNS] createTopic:input] continueWithSuccessBlock:^id _Nullable(AWSTask<AWSSNSCreateTopicResponse *> * _Nonnull task)
…
我从 AWS 收到一个错误:
<Message>User: (role/credentials) is not authorized to perform: SNS:CreateTopic on resource: (topic)</Message>
(role/credentials) 表示 IAM 角色及其 Cognito 凭证。
(topic) 是我通过提供主题名称请求的主题的 ARN
AWS Mobile Hub 为我的 Mobile Hub 角色创建了以下推送策略:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"sns:CreatePlatformEndpoint",
"sns:GetEndpointAttributes",
"sns:SetEndpointAttributes"
],
"Resource": [
"(APN role arn)"
]
},
{
"Effect": "Allow",
"Action": [
"sns:Subscribe",
"sns:Publish",
"sns:Unsubscribe"
],
"Resource": [
"(dynamodb role arn)",
"(Mobile Hub Role arn)"
]
},
{
"Effect": "Allow",
"Action": [
"sns:ListTopics"
],
"Resource": [
"*"
]
}
]
}
我尝试添加行
"sns:CreateTopic",
中间的一组权限(就在“sns:Subscribe”上方),但这并没有解决错误。从错误消息和阅读 AWS 文档来看,我似乎必须为我创建的每个主题附加一个策略才能使用它。以下是 AWS 文档中可能相关的 2 个片段:
The following example shows the permissions that are automatically created by AWS Config for a new topic. This policy statement allows AWS Config to publish to a specified Amazon SNS topic.
If you want to use an existing SNS topic from another account or you set up your delivery channel using the API, make sure to attach the following policy to the SNS topic.
{
"Id": "Policy1415489375392",
"Statement": [
{
"Sid": "AWSConfigSNSPolicy20150201",
"Action": [
"SNS:Publish"
],
"Effect": "Allow",
"Resource": "arn:aws:sns:region:account-id:myTopic",
"Principal": {
"Service": [
"config.amazonaws.com"
]
}
}
]
}
和
IAM Role Policy for Amazon SNS Topic
Use this example policy as a model for granting AWS Config permissions to access your SNS topic:
{
"Version": "2012-10-17",
"Statement":
[
{
"Effect":"Allow",
"Action":"sns:Publish",
"Resource":"yourSNStopicARN"
}
]
}
这就是我所能找到的关于使用 SDK 创建主题的全部内容。任何人都可以提供或指出一个完整的例子吗?
亚马逊 SNS(简单通知服务)的 AWS 论坛,支持移动推送的服务,可能是获得有关此主题的帮助的更好地方。
https://forums.aws.amazon.com/forum.jspa?forumID=72
问题似乎是相应的移动应用程序用户 IAM 角色没有创建主题的权限。默认情况下,Mobile Hub 不授予移动应用程序用户创建 SNS 主题的权限。您应该将 sns:CreateTopic 权限添加到具有 sns:ListTopic 的语句中,就像这样...
{
"Effect": "Allow",
"Action": [
"sns:ListTopics",
"sns:CreateTopic",
],
"Resource": [
"*"
]
}
我想在代码中动态创建 Amazon SNS 主题。我正在为 iOS.
使用 AWS Mobile Hub SDK当我尝试创建主题时
…
AWSSNSCreateTopicInput* input = [AWSSNSCreateTopicInput new];
NSString* name = @"topic_name";
[input setName:name];
[[[[AWSSNS defaultSNS] createTopic:input] continueWithSuccessBlock:^id _Nullable(AWSTask<AWSSNSCreateTopicResponse *> * _Nonnull task)
…
我从 AWS 收到一个错误:
<Message>User: (role/credentials) is not authorized to perform: SNS:CreateTopic on resource: (topic)</Message>
(role/credentials) 表示 IAM 角色及其 Cognito 凭证。 (topic) 是我通过提供主题名称请求的主题的 ARN
AWS Mobile Hub 为我的 Mobile Hub 角色创建了以下推送策略:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"sns:CreatePlatformEndpoint",
"sns:GetEndpointAttributes",
"sns:SetEndpointAttributes"
],
"Resource": [
"(APN role arn)"
]
},
{
"Effect": "Allow",
"Action": [
"sns:Subscribe",
"sns:Publish",
"sns:Unsubscribe"
],
"Resource": [
"(dynamodb role arn)",
"(Mobile Hub Role arn)"
]
},
{
"Effect": "Allow",
"Action": [
"sns:ListTopics"
],
"Resource": [
"*"
]
}
]
}
我尝试添加行
"sns:CreateTopic",
中间的一组权限(就在“sns:Subscribe”上方),但这并没有解决错误。从错误消息和阅读 AWS 文档来看,我似乎必须为我创建的每个主题附加一个策略才能使用它。以下是 AWS 文档中可能相关的 2 个片段:
The following example shows the permissions that are automatically created by AWS Config for a new topic. This policy statement allows AWS Config to publish to a specified Amazon SNS topic.
If you want to use an existing SNS topic from another account or you set up your delivery channel using the API, make sure to attach the following policy to the SNS topic.
{
"Id": "Policy1415489375392",
"Statement": [
{
"Sid": "AWSConfigSNSPolicy20150201",
"Action": [
"SNS:Publish"
],
"Effect": "Allow",
"Resource": "arn:aws:sns:region:account-id:myTopic",
"Principal": {
"Service": [
"config.amazonaws.com"
]
}
}
]
}
和
IAM Role Policy for Amazon SNS Topic
Use this example policy as a model for granting AWS Config permissions to access your SNS topic:
{
"Version": "2012-10-17",
"Statement":
[
{
"Effect":"Allow",
"Action":"sns:Publish",
"Resource":"yourSNStopicARN"
}
]
}
这就是我所能找到的关于使用 SDK 创建主题的全部内容。任何人都可以提供或指出一个完整的例子吗?
亚马逊 SNS(简单通知服务)的 AWS 论坛,支持移动推送的服务,可能是获得有关此主题的帮助的更好地方。
https://forums.aws.amazon.com/forum.jspa?forumID=72
问题似乎是相应的移动应用程序用户 IAM 角色没有创建主题的权限。默认情况下,Mobile Hub 不授予移动应用程序用户创建 SNS 主题的权限。您应该将 sns:CreateTopic 权限添加到具有 sns:ListTopic 的语句中,就像这样...
{
"Effect": "Allow",
"Action": [
"sns:ListTopics",
"sns:CreateTopic",
],
"Resource": [
"*"
]
}