AWS CloudFormation: Does CloudWatch Alarm for RDS need an IAM role?

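Problem description

I want to receive a notification email whenever the free storage space of my RDS instance falls below a threshold (for example, 2 GB).

For that reason, I created an alarm from the AWS console that monitors the FreeStorageSpace metric.

Now I want to put this alarm snippet into my existing CloudFormation template so that the alarm is linked to my existing RDS instance. Do I need to create any kind of IAM role for RDS?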

    Type: AWS::CloudWatch::Alarm
    Properties:
      AlarmName: RDS Low Storage Alarm
      AlarmDescription: This alarm is triggered when RDS storage is lower than or equal to 5GB
      ActionsEnabled: true
      OKActions: []
      # SNS topic that receives the notification when the alarm fires
      AlarmActions:
        - arn:aws:sns:ap-northeast-1:1234567890:stg1-init-AlertTopic-1WPRQT95IHBJZ
      InsufficientDataActions: []
      MetricName: FreeStorageSpace
      Namespace: AWS/RDS
      Statistic: Average
      # The dimension ties the metric to one specific RDS instance
      Dimensions:
        - Name: DBInstanceIdentifier
          Value: xxx1blsxxxxel
      Period: 60
      EvaluationPeriods: 1
      DatapointsToAlarm: 1
      # Threshold is in bytes: 5368709120 = 5 GiB
      Threshold: 5368709120
      ComparisonOperator: LessThanOrEqualToThreshold
      TreatMissingData: missing

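I found several articles like this that explain creating an alarm similar to the one above, but I did not find any information about my case.

Update: The SNS alert topic that I create in my main CFN template uses the following access policy by default. In that case, is it sufficient for creating the above alarm?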

{
  "Version": "2008-10-17",
  "Id": "__default_policy_ID",
  "Statement": [
    {
      "Sid": "__default_statement_ID",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": [
        "SNS:GetTopicAttributes",
        "SNS:SetTopicAttributes",
        "SNS:AddPermission",
        "SNS:RemovePermission",
        "SNS:DeleteTopic",
        "SNS:Subscribe",
        "SNS:ListSubscriptionsByTopic",
        "SNS:Publish",
        "SNS:Receive"
      ],
      "Resource": "arn:aws:sns:ap-northeast-1:333333333333:stg1-init-AlertTopic-1WPRQT95IHBJZ",
      "Condition": {
        "StringEquals": {
          "AWS:SourceOwner": "333333333333"
        }
      }
    }
  ]
}

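Recommended answer

Do I need to create any kind of IAM role for RDS?

Not for RDS. But the SQS topic must have a special policy for that. For example (depending on your setup, the default policy may also be sufficient):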

{
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "SNS:Publish",
            "Resource": "arn:aws:sns:us-east-2:444455556666:MyTopic",
            "Condition": {
                "ArnLike": {
                    "aws:SourceArn": "arn:aws:cloudwatch:us-east-2:111122223333:alarm:*"
                }
            }
        }
    ]
}
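
Added example (not part of the original question or answer): a CloudFormation fragment that declares the topic, a topic policy of the same shape as the answer's, and the question's alarm together, so that the permission is carried by the topic's resource policy and no IAM role appears. The logical IDs `AlertTopic`, `AlertTopicPolicy` and `RdsLowStorageAlarm` and the `DBInstanceId` parameter are assumptions made for illustration.

```yaml
# Added example; logical IDs and the DBInstanceId parameter are assumptions.
Parameters:
  DBInstanceId:
    Type: String
    Description: Identifier of the existing RDS instance to monitor

Resources:
  AlertTopic:
    Type: AWS::SNS::Topic

  # Resource policy on the topic. Same shape as the answer's policy, with
  # aws:SourceArn scoped to alarms in this stack's own account and region.
  AlertTopicPolicy:
    Type: AWS::SNS::TopicPolicy
    Properties:
      Topics:
        - !Ref AlertTopic            # Ref on an SNS topic returns its ARN
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Sid: AllowCloudWatchAlarmsToPublish
            Effect: Allow
            Principal:
              AWS: "*"
            Action: sns:Publish
            Resource: !Ref AlertTopic
            Condition:
              ArnLike:
                aws:SourceArn: !Sub "arn:${AWS::Partition}:cloudwatch:${AWS::Region}:${AWS::AccountId}:alarm:*"

  RdsLowStorageAlarm:
    Type: AWS::CloudWatch::Alarm
    Properties:
      AlarmDescription: Free storage on the RDS instance is at or below 5 GiB
      AlarmActions:
        - !Ref AlertTopic
      Namespace: AWS/RDS
      MetricName: FreeStorageSpace
      Statistic: Average
      Dimensions:
        - Name: DBInstanceIdentifier
          Value: !Ref DBInstanceId
      Period: 60
      EvaluationPeriods: 1
      Threshold: 5368709120          # bytes (5 GiB)
      ComparisonOperator: LessThanOrEqualToThreshold
      TreatMissingData: missing
```

Attaching an `AWS::SNS::TopicPolicy` replaces the topic's default access policy, so any statement from the default policy that is still needed has to be restated in the same `PolicyDocument`.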
