时间戳

首页 > 解决方案 > 我无法创建 CloudWatch 规则以使用 terraform 创建 SQS 消息

amazon-web-services - 我无法创建 CloudWatch 规则以使用 terraform 创建 SQS 消息

问题描述

我正在尝试创建每分钟执行一次的 AWS CloudWatch 规则,以在 SQS 中创建消息。当我使用下面的 Terraform 脚本时,一切看起来都可以找到,但 SQS my_queue 没有收到任何消息。

使用 Amazon 控制台更新规则 my_trigger 时,会在 SQS 中创建消息。

provider "aws" {
  region = "eu-central-1"
}

resource "aws_sqs_queue" "this_sqs_queue" {
  name                        = "my_queue"
  fifo_queue                  = "false"
  content_based_deduplication = "false"
  visibility_timeout_seconds  = 30
  message_retention_seconds   = 345600
  max_message_size            = 262144
  receive_wait_time_seconds   = 0
  delay_seconds               = 0
}

resource "aws_cloudwatch_event_rule" "cloudwatch_event_rule" {
  name                = "my_trigger"
  schedule_expression = "rate(1 minute)"
}

resource "aws_cloudwatch_event_target" "cloudwatch_event_target" {
  rule       = "${aws_cloudwatch_event_rule.cloudwatch_event_rule.name}"
  arn        = "${aws_sqs_queue.this_sqs_queue.arn}"
}

非常感谢任何帮助。

标签: amazon-web-servicesterraformamazon-sqsamazon-cloudwatch

解决方案

您需要在 SQS 队列上创建策略。当您使用控制台创建/更新时,AWS 会自动为您执行此操作。但是,在使用 Terraform 时,您需要明确地创建它。

resource "aws_sqs_queue_policy" "this_sqs_queue_policy" {
  queue_url = "${aws_sqs_queue.this_sqs_queue.id}"
  policy    = <<POLICY
{
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "events.amazonaws.com"
      },
      "Action": "sqs:SendMessage",
      "Resource": "${aws_sqs_queue.this_sqs_queue.arn}",
      "Condition": {
        "ArnEquals": {
          "aws:SourceArn": "${aws_cloudwatch_event_rule.cloudwatch_event_rule.arn}"
        }
      }
    }
  ]
}
POLICY
}

推荐阅读