我的AWS账户中有一个API网关端点,它将在同一区域的另一个AWS账户中调用snS。
我帐户中API网关的访问策略如下
{
"Version": "2012-10-17","Statement": [
{
"Sid": "VisualEditor0","Effect": "Allow","action": "sns:Publish","Resource": "arn:aws:sns:ap-southeast-1:604970532282:PublishSourceMsgTopic"
}
]
}
sns arn:arn:aws:sns:ap-southeast-1:604970532282:PublishSourceMsgTopic属于同一区域中的另一个AWS账户。
在以上snS中配置的访问策略的json是:
{
"Version": "2008-10-17","Id": "__default_policy_ID","Statement": [
{
"Sid": "__default_statement_ID","Principal": {
"AWS": "*"
},"action": [
"snS:Publish","snS:RemovePermission","snS:SetTopicAttributes","snS:DeleteTopic","snS:ListSubscriptionsByTopic","snS:GetTopicAttributes","snS:Receive","snS:AddPermission","snS:Subscribe"
],"Resource": "arn:aws:sns:ap-southeast-1:604970532282:PublishSourceMsgTopic","Condition": {
"StringEquals": {
"AWS:SourceOwner": "604970532282"
}
}
},{
"Sid": "__console_pub_0","Principal": {
"AWS": "arn:aws:iam::148445556582:root"
},"action": "snS:Publish","Resource": "arn:aws:sns:ap-southeast-1:604970532282:PublishSourceMsgTopic"
}
]
}
当我调用API网关时,它显示以下错误:
User: arn:aws:sts::148445556582:assumed-role/api_gateway_sns_role/BackplaneAssumeRoleSession is not
authorized to perform: snS:Publish on resource: arn:aws:sns:ap-southeast-
1:604970532282:PublishSourceMsgTopic
如果我要提供在我的AWS账户中配置的snS主题,则能够成功调用snS。
我在这里想念什么?