AWS SQS 队列不接收来自 SNS 主题订阅的消息

问题描述 投票:0回答:1

在我的 cloudformation 模板中,我的 SQS 队列有以下内容:

OutputQueuePolicy:
  Type: AWS::SQS::QueuePolicy
  Properties:
    PolicyDocument:
      Statement:
        - Effect: "Allow"
          Principal: "*"
          Action:
            - "sqs:SendMessage"
          Resource:
            Fn::GetAtt: [OutputQueue, Arn]
          Condition:
            ArnEquals:
              aws:SourceArn: !Ref OutputTopic
            Bool:
              aws:SecureTransport: "false"
    Queues:
      - Ref: OutputQueue

OutputQueue:
  Type: AWS::SQS::Queue
  Properties:
    QueueName: isolation-change-output-queue
    RedriveAllowPolicy:
      redrivePermission: byQueue
      sourceQueueArns:
        - Fn::GetAtt: [OutputDeadLetterQueue, Arn]
    RedrivePolicy:
      deadLetterTargetArn:
        Fn::GetAtt: [OutputDeadLetterQueue, Arn]
      maxReceiveCount: 5

OutputDeadLetterQueuePolicy:
  Type: AWS::SQS::QueuePolicy
  Properties:
    PolicyDocument:
      Statement:
        - Effect: "Deny"
          Principal: "*"
          Action:
            - "sqs:SendMessage"
            - "sqs:ReceiveMessage"
          Resource: "*"
          Condition:
            Bool:
              aws:SecureTransport: "false"
    Queues:
      - Ref: OutputDeadLetterQueue

OutputDeadLetterQueue:
  Type: AWS::SQS::Queue
  Properties:
    QueueName: isolation-change-output-dead-letter-queue

这是我的 SNS 主题:

OutputTopicPolicy:
  Type: AWS::SNS::TopicPolicy
  Properties:
    PolicyDocument:
      Statement:
        - Sid: "Allow-SQS-to-receive-messages-from-topic"
          Effect: "Allow"
          Principal:
            Service: "sqs.amazonaws.com"
          Action: "sns:Publish"
          Resource:
            Ref: OutputTopic
          Condition:
            ArnEquals:
              "aws:SourceArn":
                Fn::GetAtt:
                  - OutputQueue
                  - Arn
    Topics:
      - Ref: OutputTopic

OutputTopic:
  Type: AWS::SNS::Topic
  Properties:
    TopicName: isolation-change-output-topic

OutputQueueSNSSubscription:
  Type: AWS::SNS::Subscription
  Properties:
    Endpoint:
      Fn::GetAtt: [OutputQueue, Arn]
    Protocol: "sqs"
    RedrivePolicy:
      deadLetterTargetArn:
        Fn::GetAtt: [OutputDeadLetterQueue, Arn]
    TopicArn: !Ref OutputTopic

我正在尝试通过 AWS SDK 向主题发布消息,但消息似乎没有进入队列。我没有收到任何错误,我不确定我的 cloudformation 模板有什么问题。

amazon-web-services aws-cloudformation amazon-sqs amazon-sns
1个回答
0
投票

您的 Amazon SQS 队列需要允许 Amazon SNS 主题向 Amazon SQS 队列发送消息的访问策略

我部署了您的堆栈并将此策略添加到 SQS 队列中:

{
  "Version": "2008-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "sns.amazonaws.com"
      },
      "Action": "sqs:SendMessage",
      "Resource": "arn:aws:sqs:ap-southeast-2:111111111111:isolation-change-output-dead-letter-queue",
      "Condition": {
        "ArnEquals": {
          "aws:SourceArn": "arn:aws:sns:ap-southeast-2:111111111111:isolation-change-output-topic"
        }
      }
    }
  ]
}

然后我能够成功向SNS主题发送消息并且它出现在SQS队列中。

策略复制自:订阅 Amazon SQS 队列到 Amazon SNS 主题 - Amazon Simple Notification Service

您需要在您的

OutputDeadLetterQueuePolicy
中添加类似政策。

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.