AWS re:Post을(를) 사용하면 다음에 동의하게 됩니다. AWS re:Post 이용 약관
AWS re:Postre:Post

S3 event notification to SQS

0

I am an admin IAM user responsible for managing AWS resources. Recently, I enabled CloudTrail, SNS, SQS, and created an S3 bucket, all of which are prerequisite steps for integration account activity logs with Elasticsearch.

The creation of CloudTrail through an S3 bucket proceeded smoothly. However, when attempting to create an S# event notification to SQS, I encountered an error message stating, "Unknown Error: An unexpected error occurred. API responseUnable to validate the following destination configurations." Additionally, Amazon Q Analysis suggests that "The user likely does not have the necessary permissions to configure notifications for this S3 bucket. While the bucket itself may allow listing and accessing objects, permission to modify bucket properties and notifications is controlled separately."

Can you please help in identifying the root cause of this issue? Thanks a lot.

주제
서버리스애플리케이션 통합스토리지
태그
아마존 심플 큐 서비스아마존 S3 액세스 그랜트
언어
English
joshus
질문됨 2달 전200회 조회
2개 답변
1
수락된 답변

Hello.

You need to check the resource-based policy on the SQS side.
Try setting the policy mentioned in the below document on SQS.
https://docs.aws.amazon.com/AmazonS3/latest/userguide/grant-destinations-permissions-to-s3.html#grant-sns-sqs-permission-for-s3

{
    "Version": "2012-10-17",
    "Id": "example-ID",
    "Statement": [
        {
            "Sid": "example-statement-ID",
            "Effect": "Allow",
            "Principal": {
                "Service": "s3.amazonaws.com"
            },
            "Action": [
                "SQS:SendMessage"
            ],
            "Resource": "arn:aws:sqs:Region:account-id:queue-name",
            "Condition": {
                "ArnLike": {
                    "aws:SourceArn": "arn:aws:s3:*:*:awsexamplebucket1"
                },
                "StringEquals": {
                    "aws:SourceAccount": "bucket-owner-account-id"
                }
            }
        }
    ]
}
profile picture
전문가
Riku_Kobayashi
답변함 2달 전
0

Thanks so much! I'm glad this helped. My problem was with 'aws:SourceAccount': 'bucket-owner-account-id', which I had completely missed out.

joshus
답변함 2달 전

로그인하지 않았습니다. 로그인해야 답변을 게시할 수 있습니다.

좋은 답변은 질문에 명확하게 답하고 건설적인 피드백을 제공하며 질문자의 전문적인 성장을 장려합니다.

질문 답변하기에 대한 가이드라인

관련 콘텐츠