S3에 오브젝트 업로드 시 SNS로 받은 후 HTTP(S) 트리거 시에 "Permissions on the destination topic do not allow S3 to publish notifications from this bucket" 같은 에러 발생.
이는 SNS의 Policy 문제로 SNS의 Access policy - optional에 아래와 같은 Policy를 넣어줘야 함.
CloudWatch Event Trigger에서도 S3가 Source일 경우 동일하게 동작하지 않음.
{
"Version": "2008-10-17",
"Id": "example-ID",
"Statement": [
{
"Sid": "example-statement-ID",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "SNS:Publish",
"Resource": "arn:aws:sns:ap-northeast-2:557652101750:test",
"Condition": {
"ArnLike": {
"aws:SourceArn": "arn:aws:s3:*:*:lee-batch-test"
}
}
}
]
}다른 AWS Source의 경우 SNS Policy 등록없이 동작했는데, S3의 경우 등록이 필요함...
왜인지는 모르겠음 그냥 Policy 넣으면 됨...
https://docs.aws.amazon.com/AmazonS3/latest/dev/ways-to-add-notification-config-to-bucket.html
Example Walkthrough: Configure a Bucket for Notifications (Message Destination: SNS Topic and SQS Queue)
docs.aws.amazon.com
http(s)의 경우 confirm subscription 작업이 필요하다.
아래 링크를 참고
How can i confirm the subscription request HTTP from amazon SNS
I have been searching all over the web and nothing gives a clear answer to confirm the subscription request from amazon SNS. I already send the subscription from the amazon console to my website, but
stackoverflow.com
SNS POST Message 형태는 아래 참고
Amazon SES Notifications Sent to HTTP/HTTPS Service Using SNS and Expressjs
My company recently switched from SparkPost to Amazon SES to provide our email sending services. I don’t want to go off on SparkPost, but there were too many missing features, safeguards, and their support let us down on a couple of occasions. The last str
trentmillar.github.io
아래와 같은 형식으로 JSON을 받음.
{
"version":"0",
"id":"exx9-ae45-dc21-f644-5bc016edc4f1",
"detail-type":"MediaConvert Job State Change",
"source":"aws.mediaconvert",
"account":"588xxx06",
"time":"2020-03-20T06:37:36Z",
"region":"ap-northeast-2",
"resources":[
"arn:aws:mediaconvert:ap-northeast-2:5881xxx906:jobs/15xxx5222-qvs7iy"
],
"detail":{
"timestamp":1584686256265,
"accountId":"588xxxx906",
"queue":"arn:aws:mediaconvert:ap-northeast-2:58xxxx906:queues/Default",
"jobId":"1584686235222-qvs7iy",
"status":"COMPLETE",
"userMetadata":{
"assetID":"496e109d-3c93-4288-bd5f-45ebcee9c9fb"
},
"outputGroupDetails":[
{
"outputDetails":[
{
"outputFilePaths":[
"s3://txx-ad-encoded/TRAILER/HLS/TRAILER_1080p.m3u8"
],
"durationInMs":21021,
"videoDetails":{
"widthInPx":1920,
"heightInPx":1080
}
},
{
"outputFilePaths":[
"s3://txxx-ad-encoded/TRAILER/HLS/TRAILER_720p.m3u8"
],
"durationInMs":21021,
"videoDetails":{
"widthInPx":1280,
"heightInPx":720
}
},
{
"outputFilePaths":[
"s3://txx-ad-encoded/TRAILER/HLS/TRAILER_360p.m3u8"
],
"durationInMs":21021,
"videoDetails":{
"widthInPx":720,
"heightInPx":480
}
},
{
"outputFilePaths":[
"s3://txxx-ad-encoded/TRAILER/HLS/TRAILER_270p.m3u8"
],
"durationInMs":21021,
"videoDetails":{
"widthInPx":480,
"heightInPx":270
}
}
],
"playlistFilePaths":[
"s3://tving-ad-encoded/TRAILER/HLS/TRAILER.m3u8"
],
"type":"HLS_GROUP"
},
{
"outputDetails":[
{
"outputFilePaths":[
"s3://tving-ad-encoded/TRAILER/Thumbnails/TRAILER.0000000.jpg"
],
"durationInMs":10000,
"videoDetails":{
"widthInPx":480,
"heightInPx":270
}
}
],
"type":"FILE_GROUP"
}
]
}
}
이번 글과 별개로 CloudWatch Event에서 Schedule을 사용할 경우 UTC 기반으로 동작하는 점 참고.
'Storage&CDN > S3' 카테고리의 다른 글
| Amazon S3 Intelligent-Tiering 30초 정리 (0) | 2021.01.19 |
|---|---|
| S3 sync shell(IDC -> S3 데이터 실시간 복제) (0) | 2020.05.13 |
| Amazon S3-CloudFront Redirect(IDC Content S3로 이관 시) (0) | 2017.04.07 |
| Amazon S3FS vs EBS Performance (2) | 2016.01.27 |
| Amazon S3 Region 간 데이터 복제 (0) | 2016.01.12 |
