
AWS S3 Events(SNS) or CloudWatch Event Trigger(S3 -> SNS)

When an object upload to S3 is sent to SNS and then on to an HTTP(S) trigger, an error such as "Permissions on the destination topic do not allow S3 to publish notifications from this bucket" occurs.

 

This is an SNS policy problem: a policy like the one below must be added under "Access policy - optional" on the SNS topic.

With a CloudWatch Event trigger, it likewise does not work when S3 is the source.

{
  "Version": "2008-10-17",
  "Id": "example-ID",
  "Statement": [
    {
      "Sid": "example-statement-ID",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "SNS:Publish",
      "Resource": "arn:aws:sns:ap-northeast-2:557652101750:test",
      "Condition": {
        "ArnLike": {
          "aws:SourceArn": "arn:aws:s3:*:*:lee-batch-test"
        }
      }
    }
  ]
}

For other AWS sources it worked without registering an SNS policy, but for S3 the policy has to be registered...

I don't know why; just add the policy and it works...
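The policy above pairs `"AWS": "*"` with only an `aws:SourceArn` condition. An S3 bucket ARN carries no account ID, so a bucket of the same name re-created in another account after deletion would also satisfy that condition. The following is an added example, not part of the original post: a Python sketch that lints a statement for this gap and builds a tighter policy using the `s3.amazonaws.com` service principal plus `aws:SourceAccount`. The function names and the account ID `111122223333` are placeholders chosen for illustration.

```python
import json

# Statement copied from the policy on this page (used here as lint input).
PAGE_STATEMENT = {
    "Effect": "Allow",
    "Principal": {"AWS": "*"},
    "Action": "SNS:Publish",
    "Resource": "arn:aws:sns:ap-northeast-2:557652101750:test",
    "Condition": {"ArnLike": {"aws:SourceArn": "arn:aws:s3:*:*:lee-batch-test"}},
}

def build_s3_publish_policy(topic_arn, bucket, bucket_owner_account):
    """Topic policy: only the S3 service, for one bucket owned by one account."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowS3BucketNotifications",
            "Effect": "Allow",
            "Principal": {"Service": "s3.amazonaws.com"},
            "Action": "SNS:Publish",
            "Resource": topic_arn,
            "Condition": {
                "ArnLike": {"aws:SourceArn": f"arn:aws:s3:*:*:{bucket}"},
                "StringEquals": {"aws:SourceAccount": bucket_owner_account},
            },
        }],
    }

def lint_statement(st):
    """Return findings for one Allow statement of a topic policy."""
    if st.get("Effect") != "Allow":
        return []
    principal = st.get("Principal")
    aws = (principal.get("AWS") if isinstance(principal, dict) else principal) or []
    wildcard = "*" in ([aws] if isinstance(aws, str) else aws)
    # Condition key names are case-insensitive in IAM policies.
    keys = {k.lower() for op in st.get("Condition", {}).values() for k in op}
    findings = ["wildcard-principal"] if wildcard else []
    if "aws:sourcearn" not in keys:
        findings.append("no-source-arn")
    if "aws:sourceaccount" not in keys:
        findings.append("no-source-account")
    return findings

if __name__ == "__main__":
    hardened = build_s3_publish_policy(
        PAGE_STATEMENT["Resource"], "lee-batch-test", "111122223333")  # placeholder account
    print(lint_statement(PAGE_STATEMENT))
    print(json.dumps(hardened, indent=2))
```

Replace the placeholder with the account ID that owns the bucket before pasting the generated JSON into the topic's access policy.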

 

https://docs.aws.amazon.com/AmazonS3/latest/dev/ways-to-add-notification-config-to-bucket.html

Example Walkthrough: Configure a Bucket for Notifications (Message Destination: SNS Topic and SQS Queue)


 

For HTTP(S) endpoints, a confirm-subscription step is required.

See the link below.

 

How can i confirm the subscription request HTTP from amazon SNS


stackoverflow.com

For the format of the SNS POST message, see the link below.

 

Amazon SES Notifications Sent to HTTP/HTTPS Service Using SNS and Expressjs


trentmillar.github.io