AWS Incident Manager - Slack Notification - SNS Topic Permission issue

0

I have an SNS topic for ChatOps and I configured Slack to send messages via SNS. The test message is working fine. Now I'm creating a response plan in Incident Manager to send the message to Slack. But when I click on the save button, I'm getting the following error.

There was an error in creating the response plan.
Topic policy does not allow the service to publish to these SNS topics: arn:aws:sns:ap-south-1:xxxxxxxxx:AWSChatBot-Incident-Manager

But as per the Incident Manager Doc, I have added the following line into the SNS access policy.

{
  "Version": "2008-10-17",
  "Id": "__default_policy_ID",
  "Statement": [
    {
      "Sid": "__default_statement_ID",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "sns:Publish",
      "Resource": "arn:aws:sns:ap-south-1:xxxxxxxxx:AWSChatBot-Incident-Manager"
    },
    {
      "Sid": "IncidentManagerSNSPublishingPermissions",
      "Effect": "Allow",
      "Principal": {
        "Service": "ssm-incidents.amazonaws.com"
      },
      "Action": "SNS:Publish",
      "Resource": "arn:aws:sns:ap-south-1:xxxxxxxxx:AWSChatBot-Incident-Manager",
      "Condition": {
        "StringEqualsIfExists": {
          "AWS:SourceAccount": "xxxxxxxxxx"
        }
      }
    }
  ]
}

Not sure where the error is.

1 Answer
1

This type of error happens when the topic is encrypted and the KMS key that is used to encrypt the topic does not have the necessary permissions that allow Systems Manager to use the key. Kindly add the following statement to the KMS key's policy and try to save the response plan.

{
  "Sid": "Allow CWE to use the key",
  "Effect": "Allow",
  "Principal": {
    "Service": "ssm-incidents.amazonaws.com"
  },
  "Action": [
    "kms:Decrypt",
    "kms:GenerateDataKey*"
  ],
  "Resource": "*"
}
AWS
answered 7 months ago
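
An added example, not part of the question or the answer and not AWS code: an offline check of the two policies discussed in this thread, reporting whether `ssm-incidents.amazonaws.com` is allowed `sns:Publish` in the topic policy and `kms:Decrypt` / `kms:GenerateDataKey` in the key policy. It also lists topic statements that allow any principal without a condition, such as `__default_statement_ID` above. The function names, the account ID `111122223333` and the sample key policy are assumptions made for the example.

```python
import fnmatch

SERVICE = "ssm-incidents.amazonaws.com"  # service principal used in both policies on this page

def _list(v):
    return v if isinstance(v, list) else [v]

def _allows(policy):
    # Only Allow statements are inspected; Deny statements and Condition keys are not evaluated.
    return [s for s in _list(policy.get("Statement", [])) if s.get("Effect") == "Allow"]

def service_can(policy, action, service=SERVICE):
    """True if an Allow statement names `service` as a Service principal for `action`."""
    for s in _allows(policy):
        p = s.get("Principal")
        named = isinstance(p, dict) and service in _list(p.get("Service", []))
        # Action names are case-insensitive and may contain wildcards (kms:GenerateDataKey*).
        if named and any(fnmatch.fnmatchcase(action.lower(), a.lower())
                         for a in _list(s.get("Action", []))):
            return True
    return False

def open_statements(policy):
    """Sids of Allow statements whose principal is "*" and that carry no Condition."""
    hits = []
    for s in _allows(policy):
        p = s.get("Principal")
        wild = p == "*" or (isinstance(p, dict) and "*" in _list(p.get("AWS", [])))
        if wild and not s.get("Condition"):
            hits.append(s.get("Sid", "<no Sid>"))
    return hits

def audit(topic_policy, key_policy):
    return {"sns_publish": service_can(topic_policy, "sns:Publish"),
            "kms_missing": [a for a in ("kms:Decrypt", "kms:GenerateDataKey")
                            if not service_can(key_policy, a)],
            "open_to_any_principal": open_statements(topic_policy)}

# Constructed sample input: the question's topic policy with a placeholder account ID.
ARN = "arn:aws:sns:ap-south-1:111122223333:AWSChatBot-Incident-Manager"
TOPIC_POLICY = {"Version": "2008-10-17", "Statement": [
    {"Sid": "__default_statement_ID", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": "sns:Publish", "Resource": ARN},
    {"Sid": "IncidentManagerSNSPublishingPermissions", "Effect": "Allow",
     "Principal": {"Service": SERVICE}, "Action": "SNS:Publish", "Resource": ARN,
     "Condition": {"StringEqualsIfExists": {"AWS:SourceAccount": "111122223333"}}}]}
# Constructed key policy (an assumption): account-root statement only, no grant to the service.
KEY_POLICY = {"Version": "2012-10-17", "Statement": [{"Sid": "EnableRoot", "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"}, "Action": "kms:*", "Resource": "*"}]}
```

Feed it the JSON returned for the real topic and key policies; an empty `kms_missing` list means the key policy contains the grant described in the answer.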
