sunmingtao
commented
4 years ago The policy attached to SNS topic is wrong. It was
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "CodeNotification_publish",
"Effect": "Allow",
"Principal": {
"Service": "codestar-notifications.amazonaws.com"
},
"Action": "SNS:Publish",
"Resource": "arn:aws:sns:ap-southeast-2:527875336349:codestar-notifications-lab"
},
{
"Sid": "AWSEvents_CodePipelineFailures_Id5250137366173",
"Effect": "Allow",
"Principal": {
"Service": "events.amazonaws.com"
},
"Action": "sns:Publish",
"Resource": "arn:aws:sns:ap-southeast-2:527875336349:codestar-notifications-lab"
}
]
}Update to
{
"Version": "2008-10-17",
"Id": "__default_policy_ID",
"Statement": [
{
"Sid": "__default_statement_ID",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": [
"SNS:Publish",
"SNS:RemovePermission",
"SNS:SetTopicAttributes",
"SNS:DeleteTopic",
"SNS:ListSubscriptionsByTopic",
"SNS:GetTopicAttributes",
"SNS:Receive",
"SNS:AddPermission",
"SNS:Subscribe"
],
"Resource": "arn:aws:sns:ap-southeast-2:527875336349:smt-topic",
"Condition": {
"StringEquals": {
"AWS:SourceOwner": "527875336349"
}
}
}
]
}
Create a new alarm When alarm is in "In Alarm" state, it fails to send notification to topic
Failed to execute action arn:aws:sns:ap-southeast-2:527875336349:codestar-notifications-lab. Received error: "Resource: arn:aws:cloudwatch:ap-southeast-2:527875336349:alarm:smt-alarm-2 is not authorized to perform: SNS:Publish on resource: arn:aws:sns:ap-southeast-2:527875336349:codestar-notifications-lab"