Why can't an AWS CloudWatch Alarm send a notification to an encrypted SNS topic?
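I set up an alarm to notify me when my Lambda function's memory usage exceeds 80% of the Lambda memory size. I am capturing the data points using a custom metric, and when memory usage crosses the threshold I can see the alarm in the CloudWatch console. But when the alarm takes action to send a notification to the corresponding SNS topic, it fails with this message: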
    {
      "actionState": "Failed",
      "stateUpdateTimestamp": 1558142246126,
      "notificationResource": "arn:aws:sns:us-east-1:5847563209:<myTopic>",
      "publishedMessage": null,
      "error": "null (Service: AWSKMS; Status Code: 400; Error Code: AccessDeniedException; Request ID: 6b7806a6-2c16-4582-9ecd-05100161746e)"
    }
The SNS topic is encrypted with a KMS key, and I allowed CloudWatch to use the key in the key policy:
    {
      "Sid": "Allow CloudWatch to use the key",
      "Effect": "Allow",
      "Principal": {
        "Service": "cloudwatch.amazonaws.com"
      },
      "Action": [
        "kms:GenerateDataKey",
        "kms:Decrypt"
      ],
      "Resource": "*"
    }
But the action still fails. I also tried events.amazonaws.com as the principal, but with no success. I would appreciate any help with this.
It looks like this is not supported yet. From here: https://aws.amazon.com/blogs/compute/encrypting-messages-published-to-amazon-sns-with-aws-kms/
As of November 2018, Amazon CloudWatch alarms don’t yet work with
Amazon SNS encrypted topics.
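
An added example (not part of the original question or answer): a small Python triage function that scans alarm action records of the shape shown in the question and flags SNS notifications that were rejected by KMS, so dropped alerts do not go unnoticed. The function names and the second sample record are assumptions made for illustration.

```python
import json
import re

# Format of the SDK error string in the failed action record from the question.
_ERR_RE = re.compile(
    r"\(Service: (?P<service>[^;]+); Status Code: (?P<status>\d+); "
    r"Error Code: (?P<code>[^;]+); Request ID: (?P<request_id>[^)]+)\)"
)

def parse_action_error(error):
    """Split the error string into service, status, code and request id."""
    m = _ERR_RE.search(error or "")
    if not m:
        return None
    fields = m.groupdict()
    fields["status"] = int(fields["status"])
    return fields

def kms_blocked_notifications(records):
    """Return failed SNS alarm actions whose error is a KMS access denial."""
    findings = []
    for raw in records:
        rec = json.loads(raw) if isinstance(raw, str) else raw
        target = rec.get("notificationResource") or ""
        err = parse_action_error(rec.get("error"))
        if rec.get("actionState") != "Failed" or err is None:
            continue
        if not target.startswith("arn:aws:sns:"):
            continue
        if err["service"] == "AWSKMS" and err["code"] == "AccessDeniedException":
            findings.append({
                "topic": target,
                "region": target.split(":")[3],
                "request_id": err["request_id"],
                "timestamp_ms": rec.get("stateUpdateTimestamp"),
            })
    return findings

# Constructed sample input: the first record copies the fields shown in the
# question; the second is a made-up successful action for contrast.
SAMPLE = [
    '{"actionState": "Failed", "stateUpdateTimestamp": 1558142246126, '
    '"notificationResource": "arn:aws:sns:us-east-1:5847563209:<myTopic>", '
    '"publishedMessage": null, "error": "null (Service: AWSKMS; Status Code: 400; '
    'Error Code: AccessDeniedException; Request ID: 6b7806a6-2c16-4582-9ecd-05100161746e)"}',
    {"actionState": "Succeeded", "notificationResource": "arn:aws:sns:us-east-1:5847563209:<otherTopic>", "error": None},
]

if __name__ == "__main__":
    print(kms_blocked_notifications(SAMPLE))
```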