Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

Not getting alerts from Autocalling when encryption enabled in SNS topic

0

When we enable the encryption on SNS topic then not getting autoscale related alerts from AWS side. I created the KMS key custom and gave the all permission but it's not working.

{ "Sid": "Enable SNS access to KMS", "Effect": "Allow", "Principal": { "Service": [ "ses.amazonaws.com", "s3.amazonaws.com", "cloudwatch.amazonaws.com", "events.amazonaws.com", "ec2.amazonaws.com" ] }, "Action": [ "kms:Decrypt", "kms:GenerateDataKey" ], "Resource": "*" }

Themen
Sicherheit, Identität & KonformitätManagement & UnternehmensführungAnwendungsintegration
Tags
AWS-SchlüsselverwaltungsserviceAWS AutoskalierungAmazon Simple Notification Service (SNS)
Sprache
English
AnujG
gefragt vor 9 Monaten216 Aufrufe
1 Antwort
1
Akzeptierte Antwort

I believe the issue is in the "Principal" field. You can use "*" Or you can use "arn:aws:iam::<accountID>:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling" Or you can create your own role with a copy of AWSServiceRoleForAutoScaling.

profile pictureAWS
EXPERTE
lmessier
beantwortet vor 9 Monaten
  • lmessier EXPERTE
    vor 9 Monaten

    For a bit more detail, here is what the policy should look like and the link to the documentation. You're almost there.

    { "Sid": "Allow service-linked role use of the customer managed key", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::<accountID>:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling" }, "Action": [ "kms:GenerateDataKey*", "kms:Decrypt" ], "Resource": "*" }

    https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-sns-notifications.html#sns-kms-permissions

    You can let us know if that works. Thanks.

  • AnujG
    vor 9 Monaten

    Hi Team, I want to get alerts for all events in aws. If I put this only then I did not get other alerts like cloud watch and all.

    Thanks, Anuj

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt