无法将 Amazon SQS 附加到 Amazon S3 事件通知

Question

我有 2 个不同的桶。一个能够将 Amazon SQS 附加到事件通知，而第二个不能。

SQS 权限足够广泛。它与 S3 存储桶不相上下。但是我想不通。

存储桶策略中没有“拒绝”条款。不过还有几个额外的 ACL...

这是我存储在 SQS 中的访问策略：

{
  "Version": "2008-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "s3.amazonaws.com"
      },
      "Action": "*",
      "Resource": "*"
    }
  ]
}

这是错误：

Answer 1

是的，我以前看过。

您必须在 Amazon SQS 队列上创建访问策略 以允许 Amazon S3 存储桶进行访问。

这是来自 Granting permissions to publish event notification messages to a destination - Amazon Simple Storage Service 的示例政策：

{
 "Version": "2012-10-17",
 "Id": "example-ID",
 "Statement": [
  {
   "Sid": "example-statement-ID",
   "Effect": "Allow",
   "Principal": {
     "Service": "s3.amazonaws.com"  
   },
   "Action": [
    "SQS:SendMessage"
   ],
   "Resource": "arn:aws:sqs:Region:account-id:queue-name",
   "Condition": {
      "ArnLike": { "aws:SourceArn": "arn:aws:s3:*:*:awsexamplebucket1" },
      "StringEquals": { "aws:SourceAccount": "bucket-owner-account-id" }
   }
  }
 ]
}

另请参阅：Walkthrough: Configuring a bucket for notifications (SNS topic or SQS queue) - Amazon Simple Storage Service

Answer 2

我联系了 AWS Support。有未记录的详细信息：

So, each time an S3 event is edited or saved, there will be validation of the current destinations since the PutBucketNotification will replace the existing notification configuration and not update it.

所以我有另一个没有正确权限的遗留 S3 事件。我删除了它，现在一切正常。感谢所有试图提供帮助的人:)

无法将 Amazon SQS 附加到 Amazon S3 事件通知

Unable to attach Amazon SQS to Amazon S3 event notification

cloud

amazon-s3

amazon-sqs

amazon-web-services