AWS Incident Manager - Slack Notification - SNS Topic Permission issue

0

I have an SNS topic for ChatOps and I configured Slack to send messages via SNS. The test message is working fine. Now I'm creating a response plan in Incident Manager to send the message to Slack. But when I click the Save button, I'm getting the following error.

There was an error in creating the response plan.
Topic policy does not allow the service to publish to these SNS topics: arn:aws:sns:ap-south-1:xxxxxxxxx:AWSChatBot-Incident-Manager

But as per the Incident Manager Doc, I have added the following line into the SNS access policy.

{
  "Version": "2008-10-17",
  "Id": "__default_policy_ID",
  "Statement": [
    {
      "Sid": "__default_statement_ID",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "sns:Publish",
      "Resource": "arn:aws:sns:ap-south-1:xxxxxxxxx:AWSChatBot-Incident-Manager"
    },
    {
      "Sid": "IncidentManagerSNSPublishingPermissions",
      "Effect": "Allow",
      "Principal": {
        "Service": "ssm-incidents.amazonaws.com"
      },
      "Action": "SNS:Publish",
      "Resource": "arn:aws:sns:ap-south-1:xxxxxxxxx:AWSChatBot-Incident-Manager",
      "Condition": {
        "StringEqualsIfExists": {
          "AWS:SourceAccount": "xxxxxxxxxx"
        }
      }
    }
  ]
}

Not sure where the error is.

1 Answer
1

This type of error happens when the topic is encrypted and the KMS key that is used to encrypt the topic does not have the necessary permissions that allow Systems Manager to use the key. Kindly add the following statement to the KMS key's policy and try to save the response plan.

{
  "Sid": "Allow CWE to use the key",
  "Effect": "Allow",
  "Principal": {
    "Service": "ssm-incidents.amazonaws.com"
  },
  "Action": [
    "kms:Decrypt",
    "kms:GenerateDataKey*"
  ],
  "Resource": "*"
}
AWS
answered 7 months ago
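
An offline check that follows the diagnosis in the answer above, as an added example that is not part of the original question or answer: it verifies that `ssm-incidents.amazonaws.com` is granted `sns:Publish` on the topic and, for an encrypted topic, `kms:Decrypt` and `kms:GenerateDataKey` on the key, and it also reports any topic statement that allows every principal with no `Condition`. The function names, account ID `111122223333` and topic name are constructed; `Condition` blocks and `Deny` statements are not evaluated.

```python
import fnmatch

SERVICE = "ssm-incidents.amazonaws.com"
ARN = "arn:aws:sns:ap-south-1:111122223333:example-topic"  # constructed placeholder

def as_list(v):
    return v if isinstance(v, list) else [v]

def service_allows(policy, action):
    """True if an Allow statement grants `action` to SERVICE (Condition/Deny not evaluated)."""
    for st in as_list(policy.get("Statement", [])):
        p = st.get("Principal")
        services = as_list(p.get("Service", [])) if isinstance(p, dict) else []
        if st.get("Effect") == "Allow" and SERVICE in services and any(
                fnmatch.fnmatchcase(action.lower(), a.lower()) for a in as_list(st.get("Action", []))):
            return True
    return False

def check(topic_policy, key_policy=None):
    """Findings for a topic policy and, if the topic is encrypted, its KMS key policy."""
    findings = []
    if not service_allows(topic_policy, "sns:Publish"):
        findings.append("topic: sns:Publish not granted to " + SERVICE)
    for st in as_list(topic_policy.get("Statement", [])):
        p = st.get("Principal")
        anyone = p == "*" or (isinstance(p, dict) and "*" in as_list(p.get("AWS", [])))
        if st.get("Effect") == "Allow" and anyone and "Condition" not in st:
            findings.append(f"topic: {st.get('Sid')} allows any principal, no Condition")
    if key_policy is not None:
        for action in ("kms:Decrypt", "kms:GenerateDataKey"):
            if not service_allows(key_policy, action):
                findings.append(f"key: {action} not granted to {SERVICE}")
    return findings

# Constructed sample policies shaped like the ones in the question and answer.
TOPIC = {"Statement": [
    {"Sid": "__default_statement_ID", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": "sns:Publish", "Resource": ARN},
    {"Sid": "IncidentManagerSNSPublishingPermissions", "Effect": "Allow",
     "Principal": {"Service": SERVICE}, "Action": "SNS:Publish", "Resource": ARN}]}
KEY_BEFORE = {"Statement": [
    {"Sid": "root", "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
     "Action": "kms:*", "Resource": "*"}]}
KEY_AFTER = {"Statement": KEY_BEFORE["Statement"] + [
    {"Sid": "Allow CWE to use the key", "Effect": "Allow", "Principal": {"Service": SERVICE},
     "Action": ["kms:Decrypt", "kms:GenerateDataKey*"], "Resource": "*"}]}

if __name__ == "__main__":
    for name, key in (("before", KEY_BEFORE), ("after", KEY_AFTER)):
        print(name, check(TOPIC, key))
```

To run it against real policies, load the JSON returned for the topic's `Policy` attribute and the key's policy and pass the parsed dictionaries to `check`.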
