如何在AWS SQS队列上添加权限? [英] How do I add permissions on an AWS SQS Queue?

问题描述

使用以下代码，我可以使用我的AWS帐号添加权限，但队列不会收到来自SNS的任何消息.

With the following code, I can add a permission using my AWS account number but the queue does not receive any messages from SNS.

AddPermissionRequest addPermissionRequest = new AddPermissionRequest();
addPermissionRequest.ActionName.Add("SendMessage");
addPermissionRequest.ActionName.Add("ReceiveMessage");
addPermissionRequest.QueueUrl = queueUrl;
addPermissionRequest.Label = General.IpAddressAWSFriendly;
addPermissionRequest.AWSAccountId.Add(AWS_ACCOUNT_ID);
sqs.AddPermission(addPermissionRequest);

但是，当我尝试通过通配符(*)为所有人设置权限时:

But, when I try to set the permission via a wildcard (*) for everybody:

addPermissionRequest.AWSAccountId.Add("*");

它给我一个错误.如果我在AWS SQS控制台中手动添加权限并指定

it gives me an error. If I manually add the permission in the AWS SQS console and specify

SendMessage
ReceiveMessage

对于允许的操作和原则，我将其设置为所有人"，队列确实从我的SNS主题接收消息.所以，显然，我在做错事，但现在再也看不到了.

for the allowed actions and for the principle, I set it to "everybody", the queue does receive messages from my SNS topic. So, obviously, I'm doing something wrong but I don't see it anymore.

任何帮助都会很棒！我希望Amazon能够提供一些示例，SDK附带的示例不会显示任何有关设置策略或权限的信息.联机文档中也没有显示任何内容.令人沮丧.

Any help would be great! I wish Amazon would have examples, the example that comes with the SDK does not show anything about setting policies or permissions. Nothing is shown in the online documentation, either. Frustrating.

推荐答案

幸运的是，我自己弄明白了，因为我在这里没有收到任何回复.我真的希望亚马逊能够在.Net框架上为C#开发人员提供更好的文档，而不仅仅是脚本小子.

Fortunately, I figured it out myself since I received no responses here. I really wish Amazon would provide better documentation for C# developers on the .Net framework and not just for script kiddies.

无论如何，我最终创建了一个完整的Policy对象，并将其传递给SQS.我之所以使用AWS开发工具包v1.5版本，而不是使用较新的2.0版本(现在处于beta版)，仅是因为它现在可以使用，而且我懒得将其更改为较新的2.0版本.

Anyways, I ended up creating a full blown Policy object and passed that to the SQS. I used the AWS SDK v1.5 version and not the newer 2.0 (in beta right now) simply because it works for now and I was too lazy to change it to the newer 2.0 version.

以下是您需要在C#中以编程方式为SQS队列创建策略的一些代码，条件是仅将该队列与SNS主题一起使用:

Here is the bit of code you will need to programmatically create a policy in C# for an SQS Queue with a condition to only use that queue with an SNS topic:

        // 4. Set the queue policy to allow SNS to publish messages
        ActionIdentifier[] actions = new ActionIdentifier[2];
        actions[0] = SQSActionIdentifiers.SendMessage;
        actions[1] = SQSActionIdentifiers.ReceiveMessage;
        Policy sqsPolicy = new Policy()
            .WithStatements(new Statement(Statement.StatementEffect.Allow)
                                .WithPrincipals(Principal.AllUsers)
                                .WithResources(new Resource(queueArn))
                                .WithConditions(ConditionFactory.NewSourceArnCondition(_AWSSNSArn))
                                .WithActionIdentifiers(actions));
        SetQueueAttributesRequest setQueueAttributesRequest = new SetQueueAttributesRequest();
        List<Amazon.SQS.Model.Attribute> attributes = new List<Amazon.SQS.Model.Attribute>();
        Amazon.SQS.Model.Attribute attribute = new Amazon.SQS.Model.Attribute();
        attribute.Name = "Policy";
        attribute.Value = sqsPolicy.ToJson();
        attributes.Add(attribute);
        setQueueAttributesRequest.QueueUrl = queueUrl;
        setQueueAttributesRequest.Attribute = attributes;
        sqs.SetQueueAttributes(setQueueAttributesRequest);

我希望这对某人有帮助.

I hope this helps someone.

这篇关于如何在AWS SQS队列上添加权限?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！