S3 event notification to SQS


I am an admin IAM user responsible for managing AWS resources. Recently, I enabled CloudTrail, SNS, SQS, and created an S3 bucket, all of which are prerequisite steps for integrating account activity logs with Elasticsearch.

The creation of CloudTrail through an S3 bucket proceeded smoothly. However, when attempting to create an S3 event notification to SQS, I encountered an error message stating "Unknown Error: An unexpected error occurred. API response: Unable to validate the following destination configurations." Additionally, Amazon Q Analysis suggests that "The user likely does not have the necessary permissions to configure notifications for this S3 bucket. While the bucket itself may allow listing and accessing objects, permission to modify bucket properties and notifications is controlled separately."

Can you please help in identifying the root cause of this issue? Thanks a lot.

2 Answers

Accepted answer

Hello.

You need to check the resource-based policy on the SQS side.
Try setting the policy from the document below on the SQS queue.
https://docs.aws.amazon.com/AmazonS3/latest/userguide/grant-destinations-permissions-to-s3.html#grant-sns-sqs-permission-for-s3

{
    "Version": "2012-10-17",
    "Id": "example-ID",
    "Statement": [
        {
            "Sid": "example-statement-ID",
            "Effect": "Allow",
            "Principal": {
                "Service": "s3.amazonaws.com"
            },
            "Action": [
                "SQS:SendMessage"
            ],
            "Resource": "arn:aws:sqs:Region:account-id:queue-name",
            "Condition": {
                "ArnLike": {
                    "aws:SourceArn": "arn:aws:s3:*:*:awsexamplebucket1"
                },
                "StringEquals": {
                    "aws:SourceAccount": "bucket-owner-account-id"
                }
            }
        }
    ]
}
EXPERT
answered 2 months ago
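The policy in the accepted answer does two separate jobs: the Principal/Action/Resource part lets the S3 service principal send to the queue at all, and the two conditions pin that grant to one bucket (aws:SourceArn) and to the account that owns it (aws:SourceAccount). As an added example that is not code from the original post or from AWS, the Python script below builds that policy for given queue, bucket and account values and lints an existing queue policy from the point of view of one bucket's notification configuration. The queue ARN, bucket name and account ids in it are constructed placeholders, and the rule that any condition the linter cannot evaluate blocks the grant is my conservative choice, not AWS's own evaluation logic.

```python
"""Build and lint the SQS queue policy that S3 needs before a bucket can
publish event notifications to the queue (added example, not code from
the original post). ARNs, bucket names and account ids are constructed."""
import fnmatch
import json

S3_SERVICE = "s3.amazonaws.com"


def build_s3_to_sqs_policy(queue_arn, bucket_name, bucket_owner_account):
    """The policy shape AWS documents for S3 -> SQS, scoped to one bucket
    (aws:SourceArn) and the account that owns it (aws:SourceAccount)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowS3BucketToSendMessage",
            "Effect": "Allow",
            "Principal": {"Service": S3_SERVICE},
            "Action": ["SQS:SendMessage"],
            "Resource": queue_arn,
            "Condition": {
                "ArnLike": {"aws:SourceArn": f"arn:aws:s3:*:*:{bucket_name}"},
                "StringEquals": {"aws:SourceAccount": bucket_owner_account},
            },
        }],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _grants_s3_sendmessage(stmt, queue_arn):
    """True if this Allow statement reaches the S3 service principal,
    sqs:SendMessage and the queue, ignoring conditions. IAM action
    names are case-insensitive; ARN patterns use * and ? wildcards."""
    if stmt.get("Effect") != "Allow":
        return False
    principal = stmt.get("Principal", {})
    services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
    if principal != "*" and S3_SERVICE not in services:
        return False
    actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
    if not any(a in ("sqs:sendmessage", "sqs:*", "*") for a in actions):
        return False
    return any(fnmatch.fnmatchcase(queue_arn, r) for r in _as_list(stmt.get("Resource", [])))


def _check_conditions(stmt, bucket_arn, bucket_owner_account):
    """Return (mismatches, weaknesses). A mismatch means the condition block
    excludes this bucket or account, so S3 is denied and the notification
    configuration fails; a weakness means a scoping condition is absent and
    any bucket in any account could post to the queue (confused deputy)."""
    sid = stmt.get("Sid", "<no Sid>")
    mismatches, weaknesses = [], []
    saw_arn = saw_account = False
    for operator, keys in stmt.get("Condition", {}).items():
        for key, raw in keys.items():
            values = [str(v) for v in _as_list(raw)]
            if key == "aws:SourceArn" and operator in ("ArnLike", "ArnEquals"):
                saw_arn = True
                if not any(fnmatch.fnmatchcase(bucket_arn, v) for v in values):
                    mismatches.append(f"{sid}: aws:SourceArn {values} does not match {bucket_arn}")
            elif key == "aws:SourceAccount" and operator in ("StringEquals", "StringLike"):
                saw_account = True
                if not any(fnmatch.fnmatchcase(bucket_owner_account, v) for v in values):
                    mismatches.append(f"{sid}: aws:SourceAccount {values} does not match {bucket_owner_account}")
            else:
                # Conservative choice (mine, not AWS's): anything this linter
                # cannot evaluate is treated as blocking the grant.
                mismatches.append(f"{sid}: cannot evaluate condition {operator}/{key}; check it by hand")
    if stmt.get("Principal") == "*":
        weaknesses.append(f"{sid}: Principal is '*'; grant {S3_SERVICE} only")
    if not saw_arn:
        weaknesses.append(f"{sid}: no aws:SourceArn condition; add ArnLike aws:SourceArn = arn:aws:s3:*:*:<bucket>")
    if not saw_account:
        weaknesses.append(f"{sid}: no aws:SourceAccount condition; add StringEquals aws:SourceAccount = <bucket owner account id>")
    return mismatches, weaknesses


def lint_queue_policy(policy, queue_arn, bucket_arn, bucket_owner_account):
    """Findings for one bucket's notification configuration against this
    queue policy (dict or JSON string). Empty list: S3 may deliver from the
    bucket and every granting statement is scoped to it and its owner."""
    if isinstance(policy, str):
        policy = json.loads(policy)
    candidates = [s for s in _as_list(policy.get("Statement", []))
                  if _grants_s3_sendmessage(s, queue_arn)]
    if not candidates:
        return [f"no Allow statement lets {S3_SERVICE} call sqs:SendMessage on {queue_arn}"]
    results = [_check_conditions(s, bucket_arn, bucket_owner_account) for s in candidates]
    granting = [w for m, w in results if not m]
    if granting:
        # S3 gets through; the exposure is whatever the granting statements leave open.
        return sorted({w for ws in granting for w in ws})
    return [m for ms, _ in results for m in ms]


if __name__ == "__main__":
    queue = "arn:aws:sqs:us-east-1:111122223333:cloudtrail-events"  # constructed
    bucket = "arn:aws:s3:::awsexamplebucket1"                        # constructed
    good = build_s3_to_sqs_policy(queue, "awsexamplebucket1", "111122223333")
    # Documentation placeholder pasted into the policy without being replaced.
    placeholder = build_s3_to_sqs_policy(queue, "awsexamplebucket1", "bucket-owner-account-id")
    # Account condition left out entirely.
    unscoped = build_s3_to_sqs_policy(queue, "awsexamplebucket1", "111122223333")
    del unscoped["Statement"][0]["Condition"]["StringEquals"]
    for name, pol in [("good", good), ("placeholder", placeholder), ("unscoped", unscoped)]:
        print(name, lint_queue_policy(pol, queue, bucket, "111122223333") or "OK")
```

A mismatch is the case that stops the console from saving the notification: S3 validates the destination when the configuration is saved, and a condition that does not match the bucket or its owner denies that delivery, which surfaces as "Unable to validate the following destination configurations". A weakness does not block delivery, but without both aws:SourceArn and aws:SourceAccount any bucket in any account can push messages into the queue, which is why the documented policy carries both.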

Thanks so much! I'm glad this helped. My problem was with 'aws:SourceAccount': 'bucket-owner-account-id', which I had completely missed out.

joshus
answered 2 months ago
