Usando AWS re:Post, accetti AWS re:Post Termini di utilizzo
AWS re:Postre:Post

Not getting alerts from Autocalling when encryption enabled in SNS topic

0

When we enable the encryption on SNS topic then not getting autoscale related alerts from AWS side. I created the KMS key custom and gave the all permission but it's not working.

{ "Sid": "Enable SNS access to KMS", "Effect": "Allow", "Principal": { "Service": [ "ses.amazonaws.com", "s3.amazonaws.com", "cloudwatch.amazonaws.com", "events.amazonaws.com", "ec2.amazonaws.com" ] }, "Action": [ "kms:Decrypt", "kms:GenerateDataKey" ], "Resource": "*" }

Argomenti
Sicurezza, identità e conformitàGestione e amministrazioneIntegrazione delle applicazioni
Tag
Servizio di gestione delle chiavi AWSAWS Auto ScalingAmazon Simple Notification Service (SNS)
Lingua
English
AnujG
posta 9 mesi fa216 visualizzazioni
1 Risposta
1
Risposta accettata

I believe the issue is in the "Principal" field. You can use "*" Or you can use "arn:aws:iam::<accountID>:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling" Or you can create your own role with a copy of AWSServiceRoleForAutoScaling.

profile pictureAWS
ESPERTO
lmessier
con risposta 9 mesi fa
  • lmessier ESPERTO
    9 mesi fa

    For a bit more detail, here is what the policy should look like and the link to the documentation. You're almost there.

    { "Sid": "Allow service-linked role use of the customer managed key", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::<accountID>:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling" }, "Action": [ "kms:GenerateDataKey*", "kms:Decrypt" ], "Resource": "*" }

    https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-sns-notifications.html#sns-kms-permissions

    You can let us know if that works. Thanks.

  • AnujG
    9 mesi fa

    Hi Team, I want to get alerts for all events in aws. If I put this only then I did not get other alerts like cloud watch and all.

    Thanks, Anuj

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande

Contenuto pertinente