AWS Incident Manager - Slack Notification - SNS Topic Permission issue
0
I have an SNS topic for the ChatOps and I configured Slack to send messages via sns. The test message is working fine. Now Im creating a response plan in the incident manager to send the message to Slack. But which I click on save button Im getting the following error.
There was an error in creating the response plan.
Topic policy does not allow the service to publish to these SNS topics: arn:aws:sns:ap-south-1:xxxxxxxxx:AWSChatBot-Incident-Manager
But as per the Incident Manager Doc, I have added the following line into the SNS access policy.
{
"Version": "2008-10-17",
"Id": "__default_policy_ID",
"Statement": [
{
"Sid": "__default_statement_ID",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "sns:Publish",
"Resource": "arn:aws:sns:ap-south-1:xxxxxxxxx:AWSChatBot-Incident-Manager"
},
{
"Sid": "IncidentManagerSNSPublishingPermissions",
"Effect": "Allow",
"Principal": {
"Service": "ssm-incidents.amazonaws.com"
},
"Action": "SNS:Publish",
"Resource": "arn:aws:sns:ap-south-1:xxxxxxxxx:AWSChatBot-Incident-Manager",
"Condition": {
"StringEqualsIfExists": {
"AWS:SourceAccount": "xxxxxxxxxx"
}
}
}
]
}
Not sure where is the error.
語言
English
已提問 8 個月前檢視次數 254 次
1 個回答
- 最新
- 最多得票
- 最多評論
1
This type of error happens when the topic is encrypted and the KMS key that is used to encrypt the topic does not have the necessary permissions that allow Systems Manger to use the key. Kindly add the following statement to the KMS key's policy and try to save the response plan.
{
"Sid": "Allow CWE to use the key",
"Effect": "Allow",
"Principal": {
"Service": "ssm-incidents.amazonaws.com"
},
"Action": [
"kms:Decrypt",
"kms:GenerateDataKey*"
],
"Resource": "*"
}
已回答 7 個月前
相關內容
- 已提問 10 個月前
- 已提問 6 個月前
AWS 官方已更新 3 年前- AWS 官方已更新 2 年前
