如何在代码中创建AWS SNS主题（iOS Mobile Hub SDK）

大卫·乌

我想在代码中动态创建Amazon SNS主题。我正在使用适用于iOS的AWS Mobile Hub sdk。

当我尝试创建主题时

…
AWSSNSCreateTopicInput* input = [AWSSNSCreateTopicInput new];
NSString* name = @"topic_name";
[input setName:name];

[[[[AWSSNS defaultSNS] createTopic:input] continueWithSuccessBlock:^id _Nullable(AWSTask<AWSSNSCreateTopicResponse *> * _Nonnull task)
…

我从AWS收到一个错误：

<Message>User: (role/credentials) is not authorized to perform: SNS:CreateTopic on resource: (topic)</Message>

（角色/凭证）代表IAM角色及其Cognito凭证。（topic）是我通过提供主题名称请求的主题的ARN

AWS Mobile Hub为我的Mobile Hub角色创建了以下推送策略：

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "sns:CreatePlatformEndpoint",
                "sns:GetEndpointAttributes",
                "sns:SetEndpointAttributes"
            ],
            "Resource": [
                "(APN role arn)"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "sns:Subscribe",
                "sns:Publish",
                "sns:Unsubscribe"
            ],
            "Resource": [
                "(dynamodb role arn)",
                "(Mobile Hub Role arn)"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "sns:ListTopics"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

我尝试添加线

"sns:CreateTopic",

到中间的权限集（恰好在“ sns：Subscribe”上方），但这不能解决错误。从错误消息并阅读AWS文档，看来我必须将策略附加到我创建的每个主题上才能使用它。以下是AWS文档中可能相关的2个片段：

The following example shows the permissions that are automatically created by AWS Config for a new topic. This policy statement allows AWS Config to publish to a specified Amazon SNS topic.

If you want to use an existing SNS topic from another account or you set up your delivery channel using the API, make sure to attach the following policy to the SNS topic.

{
  "Id": "Policy1415489375392",
  "Statement": [
    {
      "Sid": "AWSConfigSNSPolicy20150201",
      "Action": [
        "SNS:Publish"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:sns:region:account-id:myTopic",
      "Principal": {
        "Service": [
          "config.amazonaws.com"
        ]
      }
    }
  ]
}

和

 IAM Role Policy for Amazon SNS Topic

Use this example policy as a model for granting AWS Config permissions to access your SNS topic:

{
  "Version": "2012-10-17",
  "Statement": 
   [
     {
      "Effect":"Allow",
      "Action":"sns:Publish",
      "Resource":"yourSNStopicARN"
     }
    ]
}

这就是我使用SDK创建主题所能找到的全部信息。谁能提供或指出我一个完整的例子？

谢谢

安德鲁·C

支持移动推送的服务AWS for Amazon SNS论坛（简单通知服务）可能是获得有关此主题的帮助的更好位置。
https://forums.aws.amazon.com/forum.jspa?forumID=72

问题似乎是适当的移动应用程序用户IAM角色没有创建主题的权限。默认情况下，Mobile Hub不授予移动应用程序用户创建SNS主题的权限。您应该将sns：CreateTopic权限添加到具有sns：ListTopic的语句中，如下所示：

    {
        "Effect": "Allow",
        "Action": [
            "sns:ListTopics",
            "sns:CreateTopic",
        ],
        "Resource": [
            "*"
        ]
    }

本文收集自互联网，转载请注明来源。

如有侵权，请联系 [email protected] 删除。