User is not authorized to perform: SNS:CreateTopic on resource


Problem description

I wanted to monitor certain parameters (TotalErrorRate and Latency) with CloudWatch and I wanted a "Simple Notification Service" (SNS) to send me an email when a (CloudWatch) alarm is thrown:

EscalationTopic:
  Type: "AWS::SNS::Topic"
  Properties:
    DisplayName: My Monitoring
    Subscription:
      - Endpoint: !Ref EmailForNotification
        Protocol: email

EscalationTopicEmailSubscriber:
  Type: "AWS::SNS::Subscription"
  Properties:
    Endpoint: !Ref EmailForNotification
    Protocol: email
    TopicArn: !Ref EscalationTopic

But I get this error: User is not authorized to perform: SNS:CreateTopic on resource (Service: AmazonSNS; Status Code: 403; Error Code: AuthorizationError (see screenshot)

What I did to solve it was to create a topicPolicy:

   SNSTopicPolicy:
     Type: 'AWS::SNS::TopicPolicy'
     Properties:
       Topics:
         - !Ref EscalationTopic
       PolicyDocument:
         Version: '2012-10-17'
         Statement:
           - Effect: Allow
             Action: 'sns:CreateTopic'
             Resource: !Ref EscalationTopic
             Principal:
               AWS: '*'

But the problem still persists.

In the SNS console, I could manually create a new topic. Shouldn't it mean that I got the permission in order to createTopic?

Recommended answer

The error message states the problem quite accurately. The credentials used to create the CloudFormation stack (presumably your login credentials unless you specified a Role during stack creation) are not authorized to create an Amazon SNS topic.

You should look at the permissions associated with your IAM User and add the necessary permissions.

Adding an SNS Topic Policy will have no impact because it is used to give SNS a set of permissions, whereas you need permissions to create the Topic itself.
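
The following is an added example, not part of the original question or answer: an IAM identity policy, written as CloudFormation, that grants the credentials launching the stack the right to create the topic. The names DeployerSnsPolicy and DeployerUserName, the "my-monitoring-" name prefix, and the exact action list are assumptions for illustration.

```yaml
# Added example. Assumed names: DeployerSnsPolicy, DeployerUserName, and the
# "my-monitoring-" prefix. Deployed once by an administrator, not by the
# user who is being granted access.
AWSTemplateFormatVersion: '2010-09-09'
Description: Identity policy so a deployer can create the SNS topic through CloudFormation.

Parameters:
  DeployerUserName:
    Type: String
    Description: IAM user whose credentials launch the monitoring stack (assumed).

Resources:
  DeployerSnsPolicy:
    Type: 'AWS::IAM::ManagedPolicy'
    Properties:
      Description: Scoped SNS rights for the monitoring stack.
      Users:
        - !Ref DeployerUserName
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Sid: ManageMonitoringTopics
            Effect: Allow
            # Assumed action set for a topic with an inline e-mail
            # subscription; extend it if the stack reports further
            # AuthorizationError messages.
            Action:
              - 'sns:CreateTopic'
              - 'sns:DeleteTopic'
              - 'sns:GetTopicAttributes'
              - 'sns:SetTopicAttributes'
              - 'sns:Subscribe'
              - 'sns:ListSubscriptionsByTopic'
              - 'sns:TagResource'
            # An identity policy has no Principal element: it applies to the
            # user it is attached to. Resource is limited to topics in this
            # account and region whose name starts with the assumed prefix.
            # The topic in the question has no TopicName, so CloudFormation
            # derives its name from the stack name; the stack name must
            # therefore start with "my-monitoring-" for this scope to match.
            Resource: !Sub 'arn:${AWS::Partition}:sns:${AWS::Region}:${AWS::AccountId}:my-monitoring-*'
```

Unlike the topic policy in the question, this grants nothing to `AWS: '*'`; a topic policy is a resource policy on a topic that already exists, so it cannot authorize the call that creates that topic.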
