AWS Incident Manager - Slack Notification - SNS Topic Permission issue

0

I have an SNS topic for ChatOps, and I configured Slack to send messages via SNS. The test message is working fine. Now I'm creating a response plan in Incident Manager to send the message to Slack. But when I click the save button, I'm getting the following error.

There was an error in creating the response plan.
Topic policy does not allow the service to publish to these SNS topics: arn:aws:sns:ap-south-1:xxxxxxxxx:AWSChatBot-Incident-Manager

But as per the Incident Manager Doc, I have added the following line into the SNS access policy.

{
  "Version": "2008-10-17",
  "Id": "__default_policy_ID",
  "Statement": [
    {
      "Sid": "__default_statement_ID",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "sns:Publish",
      "Resource": "arn:aws:sns:ap-south-1:xxxxxxxxx:AWSChatBot-Incident-Manager"
    },
    {
      "Sid": "IncidentManagerSNSPublishingPermissions",
      "Effect": "Allow",
      "Principal": {
        "Service": "ssm-incidents.amazonaws.com"
      },
      "Action": "SNS:Publish",
      "Resource": "arn:aws:sns:ap-south-1:xxxxxxxxx:AWSChatBot-Incident-Manager",
      "Condition": {
        "StringEqualsIfExists": {
          "AWS:SourceAccount": "xxxxxxxxxx"
        }
      }
    }
  ]
}

Not sure where the error is.

1 Answer
1

This type of error happens when the topic is encrypted and the KMS key that is used to encrypt the topic does not have the necessary permissions that allow Systems Manager to use the key. Kindly add the following statement to the KMS key's policy and try to save the response plan.

{
  "Sid": "Allow CWE to use the key",
  "Effect": "Allow",
  "Principal": {
    "Service": "ssm-incidents.amazonaws.com"
  },
  "Action": [
    "kms:Decrypt",
    "kms:GenerateDataKey*"
  ],
  "Resource": "*"
}
AWS
answered 7 months ago
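
An offline check of the two policies discussed in this thread, added here as an example (not code from the original posts or from AWS): it reports which grants `ssm-incidents.amazonaws.com` still lacks on the topic policy and, when the topic's `KmsMasterKeyId` attribute is set, on the KMS key policy. The account ID, topic and key names and the policy dictionaries are constructed, and the evaluator is a simplification that ignores `Condition` and `Deny`.

```python
import fnmatch

SERVICE = "ssm-incidents.amazonaws.com"               # principal named on the page
KMS_ACTIONS = ["kms:Decrypt", "kms:GenerateDataKey"]  # actions from the answer

def as_list(value):
    return value if isinstance(value, list) else [value]

def service_allowed(policy, service, action):
    """True if an Allow statement lists `service` as a Service principal and
    one of its Action patterns matches `action` (case-insensitive, wildcards).
    Simplification: Condition blocks and Deny statements are not evaluated."""
    for stmt in as_list(policy.get("Statement", [])):
        principal = stmt.get("Principal", {})
        services = as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if stmt.get("Effect") != "Allow" or service not in services:
            continue
        for pattern in as_list(stmt.get("Action", [])):
            if fnmatch.fnmatchcase(action.lower(), pattern.lower()):
                return True
    return False

def missing_grants(topic_attrs, topic_policy, key_policy):
    """List what Incident Manager still lacks to publish to the topic."""
    missing = []
    if not service_allowed(topic_policy, SERVICE, "sns:Publish"):
        missing.append("topic policy: sns:Publish")
    if topic_attrs.get("KmsMasterKeyId"):  # set only on encrypted topics
        missing += [f"key policy: {a}" for a in KMS_ACTIONS
                    if not service_allowed(key_policy, SERVICE, a)]
    return missing

# Constructed sample data (placeholder account ID and names, not from the page).
TOPIC_ATTRS = {"KmsMasterKeyId": "alias/example-topic-key"}
TOPIC_POLICY = {"Statement": [{
    "Sid": "IncidentManagerSNSPublishingPermissions", "Effect": "Allow",
    "Principal": {"Service": SERVICE}, "Action": "SNS:Publish",
    "Resource": "arn:aws:sns:ap-south-1:111122223333:example-topic"}]}
KEY_POLICY_BEFORE = {"Statement": [{
    "Sid": "AccountAdmin", "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Action": "kms:*", "Resource": "*"}]}
KEY_POLICY_AFTER = {"Statement": KEY_POLICY_BEFORE["Statement"] + [{
    "Sid": "AllowIncidentManager", "Effect": "Allow",
    "Principal": {"Service": SERVICE},
    "Action": ["kms:Decrypt", "kms:GenerateDataKey*"], "Resource": "*"}]}

if __name__ == "__main__":
    print("before:", missing_grants(TOPIC_ATTRS, TOPIC_POLICY, KEY_POLICY_BEFORE))
    print("after: ", missing_grants(TOPIC_ATTRS, TOPIC_POLICY, KEY_POLICY_AFTER))
```

To run it against a real topic, load the JSON returned by `aws sns get-topic-attributes` and `aws kms get-key-policy` in place of the constructed dictionaries.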
