Cross-account SNS publishing with an HTTPS endpoint: how to identify the originating account?

Problem description  Votes: 0  Answers: 1

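How do I handle messages that are forwarded through another account?

I want multiple accounts to publish their SNS messages through a single SNS topic in a central account within the same region. The subscription will be an HTTPS endpoint. In the originating accounts I have several services that publish messages (e.g. CloudWatch Event, Systems Manager, etc.). For later processing, I want to identify (preferably by AccountId) the originating AWS account that produced the message. Typically, an SNS JSON message looks like this. According to the documentation, I cannot see how to determine which account ultimately created the message. Do you know how this would work, or is there an example?

So how can I achieve this?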

Message from Account1 to \
                          SNS-Topic Account-Central -> HTTPS-Endpoint -> Parsing JSON Message (Message comes from Account1 ???)
Message from Account2 to /
1 answer
0
votes

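I was able to solve this by evaluating the SNS Message attribute itself. In my particular case, I received forwarded CloudWatch Events that I wanted to map to the originating account. I decoded the Message attribute as JSON and resolved the account via the account attribute.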

Example sns_data:

{
  "Type" : "Notification",
  "MessageId" : "b51e31b6-257b-5e63-bf40-678c64816bb6",
  "TopicArn" : "arn:aws:sns:us-east-1:12345678:mytopic",
  "Message" : "{\"version\":\"0\",\"id\":\"06498297-40cc-8bad-6b7d-20a1142a3162\",\"detail-type\":\"EC2 Instance State-change Notification\",\"source\":\"aws.ec2\",\"account\":\"987654321\",\"time\":\"2019-11-04T15:11:53Z\",\"region\":\"us-east-1\",\"resources\":[\"arn:aws:ec2:us-east-1:987654321:instance/i-XXXXXXXXXXXXXXXX\"],\"detail\":{\"instance-id\":\"i-XXXXXXXXXXXXXXXX\",\"state\":\"running\"}}",
  "Timestamp" : "2019-11-04T15:11:54.002Z",
  "SignatureVersion" : "1",
  "Signature" : "f9dLWFByoErZvtKOWi9f8qk+c2sHH1faltwEi8AeeC76j2kHGJiGbaPh5+XfnECtmRjICHv3shIho02f7lDEvuxrq2tVmL8Je9+eCZhbN1uv3TIxZFfMYIzMTvGEqVaVr2XclFJbqlbb1OpYkvCf64HI6+YHlzT2HFg7O7n3qii4iRQ1Lx8yR6ipneDoM4S5H91J1vZT9jczjXjOStDnApJiAsrULCSrTIUWSrGdd45wwn+Vf4waNhKPKHskodVYXVmKvpdRB1ZZn/dne0Q4y/fWhtyPCPhw0oGiGQax4BxoDgwf60zy8FAIAdWF0LNRM6ZvVaHZOdTsvoJEVQ5Ttg==",
  "SigningCertURL" : "https://sns.us-east-1.amazonaws.com/SimpleNotificationService-6aad65c2f9911b05cd53efda11f913f9.pem",
  "UnsubscribeURL" : "https://sns.us-east-1.amazonaws.com/?Action=Unsubscribe&SubscriptionArn=arn:aws:sns:us-east-1:12345678:mytopic:308e8a6f-0935-4f8b-b1fd-31484d7b0e8e"
}

Python3 code for parsing the JSON and resolving the account:

import json
print(json.loads(json.loads(sns_data)['Message'])['account'])  # outer SNS envelope, then the event inside Message
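
An added example (not part of the original answer) that wraps the one-liner above for use in an HTTPS endpoint: it rejects deliveries that are not notifications or whose Message is not a JSON event, then checks the account field against the event's resource ARNs and an allowlist. `KNOWN_ACCOUNTS`, `arn_account`, `origin_account` and `sample_body` are hypothetical names, the sample delivery is constructed, and SNS signature verification is assumed to have happened before this step.

```python
import json

# Hypothetical allowlist of accounts permitted to publish (constructed IDs).
KNOWN_ACCOUNTS = frozenset({"987654321"})


def arn_account(arn):
    """Return the account-id field of an ARN, or None if absent."""
    parts = arn.split(":", 5) if isinstance(arn, str) else []
    return parts[4] if len(parts) == 6 and parts[0] == "arn" and parts[4] else None


def origin_account(sns_body, known_accounts=KNOWN_ACCOUNTS):
    """Return the account named in the event forwarded inside an SNS delivery.

    Raises ValueError when the account is missing, unknown or inconsistent.
    """
    envelope = json.loads(sns_body)
    if not isinstance(envelope, dict) or envelope.get("Type") != "Notification":
        raise ValueError("not an SNS Notification")
    try:
        event = json.loads(envelope["Message"])
    except (KeyError, TypeError, ValueError) as exc:
        raise ValueError("Message is not a JSON document") from exc
    account = event.get("account") if isinstance(event, dict) else None
    if not isinstance(account, str):
        raise ValueError("event has no account field")
    # TopicArn only names the central account that owns the topic, so it
    # cannot identify the publisher; the event's own fields have to.
    # Assumption of this example: resource ARNs that carry an account id
    # belong to the account that emitted the event.
    resources = event.get("resources")
    for arn in resources if isinstance(resources, list) else []:
        if arn_account(arn) not in (None, account):
            raise ValueError("resource ARN disagrees with account field")
    if account not in known_accounts:
        raise ValueError("account %s is not an expected publisher" % account)
    return account


def sample_body(account="987654321", resource_account="987654321", raw=None):
    """Build a constructed SNS delivery modelled on the sample above."""
    event = {"detail-type": "EC2 Instance State-change Notification",
             "source": "aws.ec2", "account": account,
             "resources": ["arn:aws:ec2:us-east-1:%s:instance/i-XXXXXXXXXXXXXXXX"
                           % resource_account]}
    return json.dumps({"Type": "Notification",
                       "TopicArn": "arn:aws:sns:us-east-1:12345678:mytopic",
                       "Message": json.dumps(event) if raw is None else raw})
```

Messages from publishers that do not send a JSON event with an account field (plain-text notifications, for instance) raise ValueError here and need their own mapping rule.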