Unable to create SNS platform application with delivery status attributes
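I am trying to create an SNS platform application and enable the delivery status feature for it using the AWS SDK (Java). As a first step, I create the necessary roles "SNSSuccessFeedback" and "SNSFailureFeedback". Sample code (Groovy):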
AmazonIdentityManagementClient aimClient = getAimClient(/*credentials*/)
// create "SNSSuccessFeedback" role:
aimClient.createRole(new CreateRoleRequest().withRoleName("SNSSuccessFeedback")
.withAssumeRolePolicyDocument('{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"Service":"sns.amazonaws.com"},"Action":"sts:AssumeRole"}]}'))
aimClient.putRolePolicy(new PutRolePolicyRequest().withRoleName("SNSSuccessFeedback")
.withPolicyName("oneClick_SNSSuccessFeedback_1234567890")
.withPolicyDocument('{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["logs:CreateLogGroup","logs:CreateLogStream","logs:PutLogEvents","logs:PutMetricFilter","logs:PutRetentionPolicy"],"Resource":["*"]}]}'))
// the same code for "SNSFailureFeedback" role
// get ARN for both "SNSSuccessFeedback" and "SNSFailureFeedback"
// create platform application:
AmazonSNSClient snsClient = getSnsClient(/*credentials*/)
snsClient.createPlatformApplication(new CreatePlatformApplicationRequest()
.withName("myapp")
.withPlatform("APNS")
.withAttributes([PlatformPrincipal: "certificate", PlatformCredential: "key",
SuccessFeedbackRoleArn: successRoleArn, FailureFeedbackRoleArn: failureRoleArn,
SuccessFeedbackSampleRate: "100"]))
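But for some reason I get an error:
Invalid parameter: Attributes Reason: Invalid value for attribute: FailureFeedbackRoleArn: arn:aws:iam::1234567890:role/SNSFailureFeedback is not a valid role to allow SNS to write to Cloudwatch Logs (Service: AmazonSNS; Status Code: 400; Error Code: InvalidParameter; Request ID: c1dbd591-f044-584a-bbac-85fa9a0cbe8d)
If I just add a delay (e.g. Thread.sleep(5000)) after the role creation and before the platform application creation, then the platform application is created successfully without errors.
So, what is the correct way to create the roles and a platform application with delivery status enabled?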
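You are hitting an eventual consistency issue when creating the roles. The time delay gives the role time to become "visible" to the next API request. Instead of an arbitrary time delay, you can enumerate the IAM roles to see whether the role you need is "visible."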
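One way to replace the fixed sleep with a bounded visibility check, as an added example (not code from the question or the answer). The helper names `retryWithBackoff` and `createAppWhenRolesVisible`, the attempt count and the delays are assumptions; because IAM changes reach other services with eventual consistency, the sketch also retries the SNS call when it fails with the role error quoted in the question.

```groovy
import com.amazonaws.services.identitymanagement.AmazonIdentityManagement
import com.amazonaws.services.identitymanagement.model.GetRoleRequest
import com.amazonaws.services.identitymanagement.model.NoSuchEntityException
import com.amazonaws.services.sns.AmazonSNS
import com.amazonaws.services.sns.model.CreatePlatformApplicationRequest
import com.amazonaws.services.sns.model.InvalidParameterException

// Hypothetical helper: run `action`, retrying with exponential backoff only when
// `isRetryable` accepts the exception. The attempt limit makes a real
// misconfiguration surface as the original error instead of looping forever.
def retryWithBackoff(int maxAttempts, long initialDelayMs,
                     Closure<Boolean> isRetryable, Closure action) {
    long delayMs = initialDelayMs
    int attempt = 1
    while (true) {
        try {
            return action.call()
        } catch (Exception e) {
            // Unexpected errors, and the expected one once attempts run out, propagate.
            if (!isRetryable(e) || attempt >= maxAttempts) throw e
        }
        Thread.sleep(delayMs)
        delayMs = Math.min(delayMs * 2, 8000L)   // cap the wait between tries
        attempt++
    }
}

// Hypothetical wrapper around the two steps from the question.
def createAppWhenRolesVisible(AmazonIdentityManagement iam, AmazonSNS sns,
                              List<String> roleNames,
                              CreatePlatformApplicationRequest request) {
    // 1. Poll IAM until each role can be read back; NoSuchEntityException
    //    means the new role is not visible to this request yet.
    roleNames.each { name ->
        retryWithBackoff(6, 500L, { it instanceof NoSuchEntityException }) {
            iam.getRole(new GetRoleRequest().withRoleName(name))
        }
    }
    // 2. Retry the create call only for the feedback-role InvalidParameter error
    //    shown in the question; any other invalid attribute fails immediately.
    retryWithBackoff(6, 500L, {
        it instanceof InvalidParameterException && it.message?.contains('FeedbackRoleArn')
    }) {
        sns.createPlatformApplication(request)
    }
}
```

Call it with the two clients from the question, `["SNSSuccessFeedback", "SNSFailureFeedback"]` and the same `CreatePlatformApplicationRequest` in place of the `Thread.sleep(5000)`.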