The issue appears to be that the KMS key I specified doesn't exist. After creating a KMS key in my template and attaching it to the rule, the deployment succeeds.
The error message `Could not write to bucket` suggests that the SES service is unable to write to the specified S3 bucket. This could be due to the bucket policy not allowing the necessary permissions. However, looking at your CloudFormation template, the bucket policy seems to be correctly configured to allow SES to put objects into the bucket.
One potential issue might be the condition in your bucket policy:
```yaml
Condition:
  StringEquals:
    'aws:Referer': !Ref AWS::AccountId
```
This condition requires that the request must include a Referer header matching the AWS account ID. However, SES might not include this header when writing to the S3 bucket. You can try removing this condition to see if that resolves the issue:
```yaml
ForwardAdminEmailBucketPolicy:
  Type: AWS::S3::BucketPolicy
  Properties:
    Bucket: !Ref ForwardAdminEmailBucket
    PolicyDocument:
      Statement:
        - Action:
            - s3:PutObject
          Effect: Allow
          Resource: !Sub ${ForwardAdminEmailBucket.Arn}/*
          Principal:
            Service: ses.amazonaws.com
```
Another thing to check is the permissions of the IAM role that CloudFormation is using to create the resources. Make sure that this role has permissions to create SES receipt rules and to put objects in the S3 bucket.
If the issue persists, you can also try deploying the SES receipt rule separately after the S3 bucket and bucket policy have been successfully created and propagated. Sometimes, resource dependencies can cause timing issues in CloudFormation deployments.
That didn't work. I've tried a bunch of different changes to the policy; none seem to work.
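As an added example (not code from this thread or from AWS), a pre-deploy check for the two causes discussed above: a `KmsKeyArn` on the receipt rule's S3 action that points at no key, and a bucket policy that does not let SES write. It assumes the template is loaded in JSON long form (`Ref`, `Fn::GetAtt`); `ForwardAdminEmailRule` and the key ARN are constructed placeholders.

```python
def ref_of(v):
    # Logical ID behind Ref / Fn::GetAtt; literal strings pass through unchanged.
    if isinstance(v, dict):
        att = v.get("Fn::GetAtt") or [None]
        return v.get("Ref") or (att.split(".")[0] if isinstance(att, str) else att[0])
    return v

def as_list(v):
    return v if isinstance(v, list) else [] if v is None else [v]

def ses_can_put(resources, bucket):
    # True if a bucket policy on `bucket` allows SES to call s3:PutObject.
    for res in resources.values():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::S3::BucketPolicy" and ref_of(props.get("Bucket")) == bucket:
            for st in as_list(props.get("PolicyDocument", {}).get("Statement")):
                who = st.get("Principal")
                svc = as_list(who.get("Service")) if isinstance(who, dict) else []
                if (st.get("Effect") == "Allow" and "ses.amazonaws.com" in svc
                        and "s3:PutObject" in as_list(st.get("Action"))):
                    return True
    return False

def check_receipt_rules(template):
    # Returns (rule logical ID, finding) pairs for each S3Action in the template.
    resources, findings = template.get("Resources", {}), []
    for lid, res in resources.items():
        if res.get("Type") != "AWS::SES::ReceiptRule":
            continue
        actions = res.get("Properties", {}).get("Rule", {}).get("Actions", [])
        for s3 in (a["S3Action"] for a in actions if "S3Action" in a):
            kms = s3.get("KmsKeyArn")
            if isinstance(kms, str):
                findings.append((lid, "KmsKeyArn is a literal: confirm the key exists"))
            elif kms is not None and resources.get(ref_of(kms), {}).get("Type") != "AWS::KMS::Key":
                findings.append((lid, "KmsKeyArn does not resolve to a KMS key in this template"))
            if not ses_can_put(resources, ref_of(s3.get("BucketName"))):
                findings.append((lid, "no bucket policy lets SES s3:PutObject"))
    return findings

# Constructed sample; the rule name and key ARN are placeholders.
SAMPLE = {"Resources": {
    "ForwardAdminEmailBucketPolicy": {"Type": "AWS::S3::BucketPolicy", "Properties": {
        "Bucket": {"Ref": "ForwardAdminEmailBucket"},
        "PolicyDocument": {"Statement": [{"Effect": "Allow", "Action": ["s3:PutObject"],
                                          "Principal": {"Service": "ses.amazonaws.com"}}]}}},
    "ForwardAdminEmailRule": {"Type": "AWS::SES::ReceiptRule", "Properties": {"Rule": {"Actions": [
        {"S3Action": {"BucketName": {"Ref": "ForwardAdminEmailBucket"},
                      "KmsKeyArn": "arn:aws:kms:REGION:ACCOUNT_ID:key/PLACEHOLDER"}}]}}},
}}
```

The check is structural only: it does not evaluate policy `Condition` blocks or wildcard actions, and a literal key ARN still has to be verified against the account.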