设置SQS权限,为什么principal没有申请?
Setting SQS permissions, why is the principal not applied?
我在现有队列上调用 setQueueAttributes,policy 如下所示,旨在允许主题 my-topic 队列 SendMessage 上的操作 my-queue。该策略已成功应用,但 principal 仍然是 None 而不是 Everybody (*)。为什么 principal 没有被应用?
{
"Version":"2012-10-17",
"Id":"d46625b6-b24e-4343-9f4e-773299fc7c56",
"Statement":
{
"Sid":"SNStoSQS",
"Effect":"Allow",
"Principal":"*",
"Action":"sqs:SendMessage",
"Resource":"arn:aws:sqs:us-east-1:111111111111:my-queue",
"Condition":
{
"ArnEquals":
{
"aws:SourceArn":"arn:aws:sns:us-east-1:609131769936:my-topic"
}
}
}
}
通过管理控制台为 Amazon SQS 队列订阅 Amazon SNS 主题时,会自动生成以下策略:
{
"Version": "2012-10-17",
"Id": "arn:aws:sqs:ap-southeast-2:111111111111:my-queue/SQSDefaultPolicy",
"Statement": [
{
"Sid": "Sid1111",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "SQS:SendMessage",
"Resource": "arn:aws:sqs:ap-southeast-2:111111111111:my-queue",
"Condition": {
"ArnEquals": {
"aws:SourceArn": "arn:aws:sns:ap-southeast-2:111111111111:my-topic"
}
}
}
]
}
看起来 Principal 字段的格式略有不同。
我在现有队列上调用 setQueueAttributes,policy 如下所示,旨在允许主题 my-topic 队列 SendMessage 上的操作 my-queue。该策略已成功应用,但 principal 仍然是 None 而不是 Everybody (*)。为什么 principal 没有被应用?
{
"Version":"2012-10-17",
"Id":"d46625b6-b24e-4343-9f4e-773299fc7c56",
"Statement":
{
"Sid":"SNStoSQS",
"Effect":"Allow",
"Principal":"*",
"Action":"sqs:SendMessage",
"Resource":"arn:aws:sqs:us-east-1:111111111111:my-queue",
"Condition":
{
"ArnEquals":
{
"aws:SourceArn":"arn:aws:sns:us-east-1:609131769936:my-topic"
}
}
}
}
通过管理控制台为 Amazon SQS 队列订阅 Amazon SNS 主题时,会自动生成以下策略:
{
"Version": "2012-10-17",
"Id": "arn:aws:sqs:ap-southeast-2:111111111111:my-queue/SQSDefaultPolicy",
"Statement": [
{
"Sid": "Sid1111",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "SQS:SendMessage",
"Resource": "arn:aws:sqs:ap-southeast-2:111111111111:my-queue",
"Condition": {
"ArnEquals": {
"aws:SourceArn": "arn:aws:sns:ap-southeast-2:111111111111:my-topic"
}
}
}
]
}
看起来 Principal 字段的格式略有不同。