使用API网关从交叉帐户调用SNS

2024-05-10 • 问答

我的AWS账户中有一个API网关端点，它将在同一区域的另一个AWS账户中调用snS。

我帐户中API网关的访问策略如下

{
"Version": "2012-10-17","Statement": [
    {
        "Sid": "VisualEditor0","Effect": "Allow","action": "sns:Publish","Resource": "arn:aws:sns:ap-southeast-1:604970532282:PublishSourceMsgTopic"
    }
]
}

sns arn：arn：aws：sns：ap-southeast-1：604970532282：PublishSourceMsgTopic属于同一区域中的另一个AWS账户。

在以上snS中配置的访问策略的json是：

{
"Version": "2008-10-17","Id": "__default_policy_ID","Statement": [
 {
  "Sid": "__default_statement_ID","Principal": {
    "AWS": "*"
  },"action": [
    "snS:Publish","snS:RemovePermission","snS:SetTopicAttributes","snS:DeleteTopic","snS:ListSubscriptionsByTopic","snS:GetTopicAttributes","snS:Receive","snS:AddPermission","snS:Subscribe"
  ],"Resource": "arn:aws:sns:ap-southeast-1:604970532282:PublishSourceMsgTopic","Condition": {
    "StringEquals": {
      "AWS:SourceOwner": "604970532282"
    }
  }
},{
  "Sid": "__console_pub_0","Principal": {
    "AWS": "arn:aws:iam::148445556582:root"
  },"action": "snS:Publish","Resource": "arn:aws:sns:ap-southeast-1:604970532282:PublishSourceMsgTopic"
}
]
 }

当我调用API网关时，它显示以下错误：

User: arn:aws:sts::148445556582:assumed-role/api_gateway_sns_role/BackplaneAssumeRoleSession is not 
authorized to perform: snS:Publish on resource: arn:aws:sns:ap-southeast- 
1:604970532282:PublishSourceMsgTopic

如果我要提供在我的AWS账户中配置的snS主题，则能够成功调用snS。

我在这里想念什么？

{ "Version": "2012-10-17","Statement": [{ "Effect": "Allow","Principal": "*","Action": "SNS:Publish","Resource": "arn:aws:sns:us-east-2:444455556666:MyTopic","Condition": { "ArnLike": { "aws:SourceArn": "arn:aws:cloudwatch:us-east-2:111122223333:alarm:MyAlarm" } } }] }

使用API​​网关从交叉帐户调用SNS

martinddiigg 回答：使用API​​网关从交叉帐户调用SNS

大家都在问

使用API网关从交叉帐户调用SNS

martinddiigg 回答：使用API网关从交叉帐户调用SNS