假设一个 SNS 主题配置了“默认”访问策略,如下所示:
{
"Version": "2008-10-17",
"Id": "__default_policy_ID",
"Statement": [
{
"Sid": "__default_statement_ID",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": [
"SNS:GetTopicAttributes",
"SNS:SetTopicAttributes",
"SNS:AddPermission",
"SNS:RemovePermission",
"SNS:DeleteTopic",
"SNS:Subscribe",
"SNS:ListSubscriptionsByTopic",
"SNS:Publish"
],
"Resource": "arn:aws:sns:us-east-1:############:NotificationTopic-test",
"Condition": {
"StringEquals": {
"AWS:SourceOwner": "############"
}
}
}
]
}
CloudWatch 警报可以发布到这个主题。 EventBridge 规则不能发布到此主题。
EventBridge 是否需要带有“Principal”的 SNS 访问策略:{“Service”:“events.amazonaws.com”} 而 CloudWatch 不需要?如果是这样,为什么?