Not getting alerts from Auto Scaling when encryption is enabled on the SNS topic


When we enable encryption on the SNS topic, we stop getting the Auto Scaling related alerts from the AWS side. I created a custom KMS key and gave it all the permissions, but it is not working.

{
  "Sid": "Enable SNS access to KMS",
  "Effect": "Allow",
  "Principal": {
    "Service": [
      "ses.amazonaws.com",
      "s3.amazonaws.com",
      "cloudwatch.amazonaws.com",
      "events.amazonaws.com",
      "ec2.amazonaws.com"
    ]
  },
  "Action": [
    "kms:Decrypt",
    "kms:GenerateDataKey"
  ],
  "Resource": "*"
}

1 answer

Accepted answer

I believe the issue is in the "Principal" field. You can use "*", or you can use "arn:aws:iam::<accountID>:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling", or you can create your own role with a copy of AWSServiceRoleForAutoScaling.

AWS Expert
Answered 9 months ago
  • For a bit more detail, here is what the policy should look like and the link to the documentation. You're almost there.

    {
      "Sid": "Allow service-linked role use of the customer managed key",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::<accountID>:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling"
      },
      "Action": [
        "kms:GenerateDataKey*",
        "kms:Decrypt"
      ],
      "Resource": "*"
    }

    https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-sns-notifications.html#sns-kms-permissions

    You can let us know if that works. Thanks.

  • Hi Team, I want to get alerts for all events in AWS. If I put only this, then I do not get the other alerts, like CloudWatch and so on.

    Thanks, Anuj
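The check below is an added example and is not code from the thread or from AWS. It parses a KMS key policy the way the thread discusses it and reports which of kms:GenerateDataKey and kms:Decrypt a given principal is missing, so you can see why the asker's service-principal-only statement does nothing for the Auto Scaling service-linked role, why the answer's role-only statement does nothing for cloudwatch.amazonaws.com, and that the two statements can simply coexist in one key policy. It also flags Allow statements that use Principal "*" with no Condition, because a key policy written that way is usable by any AWS principal, cross-account included, that also has matching IAM permissions. The account ID 123456789012 and the Sid values are placeholders. The evaluator ignores Deny statements, Conditions and IAM identity policies, so treat it as a sanity check on the key policy, not a full IAM simulator.

```python
import fnmatch
import json

# Placeholder account ID (assumption, not from the thread); the role path is the
# service-linked role ARN the accepted answer points at.
ACCOUNT_ID = "123456789012"
AUTOSCALING_ROLE_ARN = (
    f"arn:aws:iam::{ACCOUNT_ID}:role/aws-service-role/"
    "autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling"
)

# Constructed sample statements mirroring the thread: the asker's statement
# (service principals only), the answer's statement (service-linked role only),
# and an overly broad wildcard statement for the warning check.
ASKER_STATEMENT = {
    "Sid": "Enable SNS access to KMS",
    "Effect": "Allow",
    "Principal": {"Service": ["ses.amazonaws.com", "s3.amazonaws.com",
                              "cloudwatch.amazonaws.com", "events.amazonaws.com",
                              "ec2.amazonaws.com"]},
    "Action": ["kms:Decrypt", "kms:GenerateDataKey"],
    "Resource": "*",
}
ANSWER_STATEMENT = {
    "Sid": "Allow service-linked role use of the customer managed key",
    "Effect": "Allow",
    "Principal": {"AWS": AUTOSCALING_ROLE_ARN},
    "Action": ["kms:GenerateDataKey*", "kms:Decrypt"],
    "Resource": "*",
}
WILDCARD_STATEMENT = {
    "Sid": "AnyPrincipal",
    "Effect": "Allow",
    "Principal": "*",
    "Action": ["kms:GenerateDataKey*", "kms:Decrypt"],
    "Resource": "*",
}


def policy(*statements):
    """Wrap statements in a key-policy document; round-trip through json so the
    result is exactly what json.load() of a real policy file would give."""
    return json.loads(json.dumps({"Version": "2012-10-17", "Statement": list(statements)}))


ASKER_POLICY = policy(ASKER_STATEMENT)
ANSWER_POLICY = policy(ANSWER_STATEMENT)
COMBINED_POLICY = policy(ASKER_STATEMENT, ANSWER_STATEMENT)
WILDCARD_POLICY = policy(WILDCARD_STATEMENT)

# What a publisher needs on the key for an SNS topic encrypted with it.
REQUIRED_ACTIONS = ("kms:GenerateDataKey", "kms:Decrypt")


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _principal_matches(statement, principal):
    """True if the statement names `principal` (an IAM ARN under "AWS" or a
    service such as cloudwatch.amazonaws.com under "Service") or is a wildcard."""
    block = statement.get("Principal", {})
    if block == "*":
        return True
    aws = _as_list(block.get("AWS", []))
    services = _as_list(block.get("Service", []))
    return "*" in aws or principal in aws or principal in services


def _action_matches(statement, action):
    """IAM action matching: case-insensitive, '*' wildcards (kms:GenerateDataKey*)."""
    return any(fnmatch.fnmatchcase(action.lower(), pattern.lower())
               for pattern in _as_list(statement.get("Action", [])))


def missing_key_actions(key_policy, principal, actions=REQUIRED_ACTIONS):
    """Return the required actions that no Allow statement grants to `principal`.
    Deny statements and Conditions are deliberately not evaluated."""
    statements = _as_list(key_policy["Statement"])
    return [action for action in actions
            if not any(s.get("Effect") == "Allow"
                       and _principal_matches(s, principal)
                       and _action_matches(s, action)
                       for s in statements)]


def unconditional_wildcard_sids(key_policy):
    """Sids of Allow statements that grant to Principal '*' with no Condition."""
    return [s.get("Sid", "<no Sid>") for s in _as_list(key_policy["Statement"])
            if s.get("Effect") == "Allow" and "Condition" not in s
            and _principal_matches(s, "<nobody>") ]  # only a wildcard matches this name


if __name__ == "__main__":
    for name, doc in [("asker", ASKER_POLICY), ("answer", ANSWER_POLICY),
                      ("combined", COMBINED_POLICY), ("wildcard", WILDCARD_POLICY)]:
        for who in (AUTOSCALING_ROLE_ARN, "cloudwatch.amazonaws.com"):
            print(f"{name:9} {who.split('/')[-1]:32} missing={missing_key_actions(doc, who)}")
        print(f"{name:9} unconditional wildcard statements: {unconditional_wildcard_sids(doc)}")
```

Run it as a script to print the matrix, or call missing_key_actions() on a policy you fetched with `aws kms get-key-policy`. The wildcard check is the caveat to the "*" option in the accepted answer: it makes the alerts flow, but it also hands the key to every principal that can reach it.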
