amazon-web-services - Cloudwatch 自定义事件 SQS 无法正常工作

问题描述

我正在使用 terraform 创建队列，同时还创建 Cloudwatch 事件规则并将其中一个队列设置为规则的目标。

总之，我有一个队列，它是 3 个单独的 cloudwatch 事件的目标。问题是，即使 cloudwatch 事件规则相同，但只有一个在通过 terraform 创建时有效，其他的最终在控制台中调用失败，没有日志或任何类型的可调试信息。如果自定义事件是从 aws 控制台创建的，则一切正常。

在 terraform 中创建队列

resource "aws_sqs_queue" "queue_cron" {
  name                       = "cron"
  visibility_timeout_seconds = 300 # 5 minutes
  delay_seconds              = 0
  message_retention_seconds  = 1800 # 30 minutes
  receive_wait_time_seconds  = 20
}

唯一的工作块

resource "aws_cloudwatch_event_rule" "eve_vendors_bot_sync" {
  name                = "vendors-bot-sync"
  schedule_expression = "rate(1 minute)"
  description         = "Notify cron queue for vendors bot sync"
  is_enabled          = true
}

resource "aws_cloudwatch_event_target" "sqs_cron_vendors_bot_sync" {
  rule      = aws_cloudwatch_event_rule.eve_vendors_bot_sync.name
  arn       = var.queue_cron_arn
  target_id = "sqsCronVendorBotSync"

  input_transformer {
    input_template = <<EOF
{
   "messageType":"cron",
   "cronType":"vendors-bot-sync"
}
EOF
  }
}

即使它的结构与上述结构相同，也不起作用。

resource "aws_cloudwatch_event_rule" "eve_restos_sync" {
  name                = "restos-sync"
  schedule_expression = "rate(1 minute)"
  description         = "Notify cron queue for restos sync"
  is_enabled          = true
}

resource "aws_cloudwatch_event_target" "sqs_cron_restos_sync" {
  rule      = aws_cloudwatch_event_rule.eve_restos_sync.name
  arn       = var.queue_cron_arn
  target_id = "sqsCronRestosSync"

  input_transformer {
    input_template = <<EOF
{
   "messageType":"cron",
   "cronType":"restaurant-hours-open-close-management"
}
EOF
  }
}

和上面的一样，不起作用

resource "aws_cloudwatch_event_rule" "eve_vendors_orders_sync" {
  name                = "vendors-orders-sync"
  schedule_expression = "rate(1 minute)"
  description         = "Notify cron queue for vendors orders sync"
  is_enabled          = true
}
resource "aws_cloudwatch_event_target" "target_cron_vendors_sync" {
  rule      = aws_cloudwatch_event_rule.eve_vendors_orders_sync.name
  arn       = var.queue_cron_arn
  target_id = "sqsCronVendorsOrderSync"

  input_transformer {
    input_template = <<EOF
{
   "messageType":"cron",
   "cronType":"vendors-orders-sync"
}
EOF
  }
}

回答

@Marchin 正确指出的难题中缺失的部分确实是阻止 cloudwatch 向 SQS 发送消息的策略。这是使它工作的更新配置。

1. 创建队列
2. 创建一个策略，允许 cloudwatch 向队列发送消息
3. 将策略附加到队列

resource "aws_sqs_queue" "queue_cron" {
  name                       = "cron"
  visibility_timeout_seconds = 300 # 5 minutes
  delay_seconds              = 0
  message_retention_seconds  = 1800 # 30 minutes
  receive_wait_time_seconds  = 20
}

data "aws_iam_policy_document" "policy_sqs" {
  statement {

    sid    = "AWSEvents_"
    effect = "Allow"
    actions = [
      "sqs:SendMessage",
    ]

    principals {
      type        = "Service"
      identifiers = ["events.amazonaws.com"]
    }

    resources = [aws_sqs_queue.queue_cron.arn]

  }
}

resource "aws_sqs_queue_policy" "cron_sqs_policy" {

  queue_url = aws_sqs_queue.queue_cron.id
  policy    = data.aws_iam_policy_document.policy_sqs.json

}

标签： amazon-web-servicesterraformamazon-cloudwatchterraform-provider-awsamazon-cloudwatch-events