How to setup permissions for S3 event to SNS topic?

I am trying to create an event on an S3 bucket (named testBucket) so that every time a new object is created, a message is sent to SNS.

I've done some research and added:

"ArnLike": {"aws:SourceArn": "arn:aws:s3:*:*:testBucket"}

to the target topic's policy.

But, when I try to create the event, it still shows: Permissions on the destination topic do not allow S3 to publish notifications from this bucket.

Any ideas?

ChenL asked Jun 29 '16 01:06


2 Answers

Problem solved. Before, I was adding the condition line inside the default statement:

    "ArnLike": {
        "aws:SourceArn": "arn:aws:s3:*:*:testBucket"
    }

Turns out I have to create a new statement with publish action in it.

        {
          "Sid": "publish-from-s3",
          "Effect": "Allow",
          "Principal": {
            "Service": "s3.amazonaws.com"
          },
          "Action": "SNS:Publish",
          "Resource": "arn:aws:sns:ap-southeast-2:XXXXXXXXXXXXXX:testTopicforS3",
          "Condition": {
            "ArnLike": {
              "aws:SourceArn": "arn:aws:s3:*:*:testBucket"
            }
          }
        }
ChenL answered Sep 22 '22 15:09


Yeah, after creating the SNS topic, modify it to add a statement (after the default one):

    {
      "Statement": [
        {
          "Sid": "__default_statement_ID",
          "Effect": "Allow",
          "Principal": {
            "AWS": "*"
          },
          "Action": [
            "SNS:Publish",
            "SNS:RemovePermission",
            "SNS:SetTopicAttributes",
            "SNS:DeleteTopic",
            "SNS:ListSubscriptionsByTopic",
            "SNS:GetTopicAttributes",
            "SNS:Receive",
            "SNS:AddPermission",
            "SNS:Subscribe"
          ],
          "Resource": "your sns arn"
        },
        {
          "Sid": "s3",
          "Effect": "Allow",
          "Principal": {
            "Service": "s3.amazonaws.com"
          },
          "Action": "SNS:Publish",
          "Resource": "your sns arn"
        }
      ]
    }
Walterwhites answered Sep 24 '22 15:09
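Both answers come down to the same point: the topic policy needs a separate Allow statement whose Principal is the S3 service, not a condition bolted onto the `"AWS": "*"` default statement. The added checker below (example code, not from either answer) reproduces the console's "Permissions on the destination topic do not allow S3 to publish" error offline for a given policy, flags an Allow statement with Principal `*` and no Condition (the default statement SNS generates carries an `AWS:SourceOwner` condition; the second answer's listing omits it), and builds the S3 statement pinned to one bucket and, as an extra restriction not shown on the page, one account. The topic ARN, account ID and bucket name are constructed placeholders.

```python
import fnmatch

# Constructed placeholder values (not from the page); substitute your own.
TOPIC_ARN = "arn:aws:sns:ap-southeast-2:111122223333:testTopicforS3"
ACCOUNT_ID = "111122223333"
BUCKET = "testBucket"

def s3_publish_statement(topic_arn, bucket, account_id):
    """Allow the S3 *service* principal to publish, pinned to one bucket
    (aws:SourceArn) and one account (aws:SourceAccount, added here)."""
    return {
        "Sid": "publish-from-s3",
        "Effect": "Allow",
        "Principal": {"Service": "s3.amazonaws.com"},
        "Action": "SNS:Publish",
        "Resource": topic_arn,
        "Condition": {
            "ArnLike": {"aws:SourceArn": f"arn:aws:s3:*:*:{bucket}"},
            "StringEquals": {"aws:SourceAccount": account_id},
        },
    }

def _as_list(v):
    return [v] if isinstance(v, str) else list(v or [])

def check_topic_policy(policy, bucket):
    """Findings for a topic policy; [] means S3 events from `bucket` can be
    published and no Allow statement is open to the world. Only the ArnLike
    form of aws:SourceArn used on this page is recognised."""
    bucket_arn, findings, s3_can_publish = f"arn:aws:s3:::{bucket}", [], False
    for st in policy.get("Statement", []):
        if st.get("Effect") != "Allow":
            continue
        sid, principal, cond = st.get("Sid", "?"), st.get("Principal", {}), st.get("Condition", {})
        actions = [a.lower() for a in _as_list(st.get("Action"))]  # IAM actions are case-insensitive
        if principal in ("*", {"AWS": "*"}) and not cond:
            findings.append(f"{sid}: Principal '*' with no Condition lets anyone call {actions}")
        services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
        if "s3.amazonaws.com" in services and "sns:publish" in actions:
            arnlike = {k.lower(): v for k, v in cond.get("ArnLike", {}).items()}  # keys are case-insensitive
            patterns = _as_list(arnlike.get("aws:sourcearn"))
            if not patterns:
                findings.append(f"{sid}: S3 may publish from any bucket in any account (no aws:SourceArn)")
            if not patterns or any(fnmatch.fnmatchcase(bucket_arn, p) for p in patterns):
                s3_can_publish = True
    if not s3_can_publish:
        findings.append("no Allow for s3.amazonaws.com SNS:Publish matching this bucket (the console's error)")
    return findings
```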