问题描述
我已经设置了SNS主题和订阅(实际上超过1个)以使用SQS DLQ。但是每个人都告诉我我有一个政策错误。
我的SNS订阅设置了DLQ:
我的队列存在:
我在SQS队列上设置了以下访问策略:
{
"Version": "2008-10-17","Id": "__default_policy_ID","Statement": [
{
"Sid": "__owner_statement","Effect": "Allow","Principal": {
"AWS": "arn:aws:iam::1234:root"
},"Action": "SQS:*","Resource": "arn:aws:sqs:eu-west-2:1234:AggregateMonitoringDeadLetterQueue"
},{
"Effect": "Allow","Principal": {
"Service": "sns.amazonaws.com"
},"Action": "SQS:SendMessage","Resource": "arn:aws:sqs:eu-west-2:1234:AggregateMonitoringDeadLetterQueue","Condition": {
"ArnLike": {
"aws:SourceArn": [
"arn:aws:sns:eu-west-2:1234:aggregator-state","arn:aws:sns:eu-west-2:1234:rank-state-publication","arn:aws:sns:eu-west-2:1234:rank-state-categorisation"
]
}
}
}
]
}
我还尝试在队列上使用一个非常通用的访问策略:
{
"Version": "2008-10-17","Principal": {
"AWS": "*"
},"Condition": {
"ArnLike": {
"aws:SourceArn": "arn:aws:sns:eu-west-2:1234:*"
}
}
}
]
}
我一直在关注https://docs.aws.amazon.com/sns/latest/dg/sns-configure-dead-letter-queue.html(第5步说明了设置策略)
其他参考:https://docs.aws.amazon.com/sns/latest/dg/sns-dead-letter-queues.html
我一定做错了什么,或者错过了什么?我无法摆脱错误。
解决方法
请参阅this answer,其中指出尽管出现了错误消息,但失败的消息仍可以正确发送到DLQ。
从我这一边,我可以确认自己在DLQ中收到了与您一样配置的那些失败消息(通过遵循同一文档https://docs.aws.amazon.com/sns/latest/dg/sns-configure-dead-letter-queue.html)。