1 réponse
- Le plus récent
- Le plus de votes
- La plupart des commentaires
0
Try this ststement on the key policy:
"Statement": [ { "Sid": "Allow Key utilization", "Effect": "Allow", "Principal": { "AWS": [ "arn:aws:iam::ACCOUNT_ID:root" ] }, "Action": [ "kms:Decrypt", "kms:GenerateDataKey*" ], "Resource": "*" },
That would allow all the services in the account to use encrypt/decrypt using the key, ASG might not be the service trying to publish to the topic.
Another thing that helps a lot is to check CloudTrail Event History around the time the message should have sent, including the "Error code" field
répondu il y a un an
Contenus pertinents
- demandé il y a un an
- demandé il y a un an
- demandé il y a 6 mois
- AWS OFFICIELA mis à jour il y a 3 ans
- AWS OFFICIELA mis à jour il y a 3 ans
- AWS OFFICIELA mis à jour il y a un an