Not getting alerts from Autoscaling when encryption enabled in SNS topic

0

When we enable encryption on the SNS topic, we are not getting autoscale-related alerts from the AWS side. I created a custom KMS key and gave it all the permissions, but it's not working.

{
  "Sid": "Enable SNS access to KMS",
  "Effect": "Allow",
  "Principal": {
    "Service": [
      "ses.amazonaws.com",
      "s3.amazonaws.com",
      "cloudwatch.amazonaws.com",
      "events.amazonaws.com",
      "ec2.amazonaws.com"
    ]
  },
  "Action": [
    "kms:Decrypt",
    "kms:GenerateDataKey"
  ],
  "Resource": "*"
}

1 Answer
1
Accepted answer

I believe the issue is in the "Principal" field. You can use "*", or you can use "arn:aws:iam::<accountID>:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling", or you can create your own role with a copy of AWSServiceRoleForAutoScaling.

AWS
EXPERT
answered 9 months ago
  • For a bit more detail, here is what the policy should look like and the link to the documentation. You're almost there.

    {
      "Sid": "Allow service-linked role use of the customer managed key",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::<accountID>:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling"
      },
      "Action": [
        "kms:GenerateDataKey*",
        "kms:Decrypt"
      ],
      "Resource": "*"
    }

    https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-sns-notifications.html#sns-kms-permissions

    You can let us know if that works. Thanks.

  • Hi Team, I want to get alerts for all events in AWS. If I put only this, then I do not get other alerts like CloudWatch and so on.

    Thanks, Anuj
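As an added example (not code from the question or from the AWS answer), a small Python checker that takes a KMS key policy and reports which expected publishers lack both kms:Decrypt and kms:GenerateDataKey: the service principals from the question and the Auto Scaling service-linked role from the accepted answer. It assumes a constructed placeholder account ID, and shows why the two statements must coexist in one key policy, which is the problem raised in the last comment.

```python
import fnmatch
# Placeholder account ID (constructed); substitute your own.
ACCOUNT_ID = "111122223333"
AUTOSCALING_SLR = (f"arn:aws:iam::{ACCOUNT_ID}:role/aws-service-role/"
                   "autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling")
# Minimum key actions any identity needs to publish to a KMS-encrypted topic.
REQUIRED_ACTIONS = ("kms:Decrypt", "kms:GenerateDataKey")
# Expected publishers: question's service principals + answer's service-linked role.
PUBLISHERS = [("Service", s) for s in (
    "ses.amazonaws.com", "s3.amazonaws.com", "cloudwatch.amazonaws.com",
    "events.amazonaws.com", "ec2.amazonaws.com")] + [("AWS", AUTOSCALING_SLR)]

SERVICE_STMT = {  # the question's statement: service principals only
    "Sid": "Enable SNS access to KMS", "Effect": "Allow",
    "Principal": {"Service": [ident for _, ident in PUBLISHERS[:-1]]},
    "Action": ["kms:Decrypt", "kms:GenerateDataKey"], "Resource": "*"}
SLR_STMT = {  # the accepted answer's statement: service-linked role only
    "Sid": "Allow service-linked role use of the customer managed key",
    "Effect": "Allow", "Principal": {"AWS": AUTOSCALING_SLR},
    "Action": ["kms:GenerateDataKey*", "kms:Decrypt"], "Resource": "*"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def principal_matches(principal, kind, ident):
    """True if a statement's Principal covers the given Service/AWS identity."""
    if principal == "*":
        return True
    entries = _as_list(principal.get(kind, []))
    return ident in entries or "*" in entries

def statement_allows(stmt, kind, ident):
    """True if one Allow statement grants every required action to ident."""
    if stmt.get("Effect") != "Allow":
        return False
    if not principal_matches(stmt.get("Principal", {}), kind, ident):
        return False
    patterns = _as_list(stmt.get("Action", []))  # literals or wildcards
    return all(any(fnmatch.fnmatchcase(req, p) for p in patterns)
               for req in REQUIRED_ACTIONS)

def missing_publishers(policy, publishers=PUBLISHERS):
    """Publishers that no single statement in the key policy fully authorizes."""
    stmts = _as_list(policy.get("Statement", []))
    return [(k, i) for k, i in publishers
            if not any(statement_allows(s, k, i) for s in stmts)]

def combined_policy():
    """Keep BOTH statements so every expected publisher can use the key."""
    return {"Version": "2012-10-17", "Statement": [SERVICE_STMT, SLR_STMT]}
```

Running missing_publishers on the question's statement alone reports only the service-linked role; on the answer's statement alone it reports all five service principals; on combined_policy() it reports nothing.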
