java 使用 AmazonSNSClient 发送短信时的授权
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/38871201/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Authorization when sending a text message using AmazonSNSClient
提问by pulse00
The official aws documentation on how to send a Textmessagewith the aws SDK in java is pretty straightforward.
关于如何在 java 中使用 aws SDK发送文本消息的官方 aws 文档非常简单。
However, when sending a message like shown in the example at the bottom, I'm getting the error User: arn:aws:iam::xxx:user/sms-testing is not authorized to perform: SNS:Publish on resource: +999999999
但是,当发送底部示例中所示的消息时,我收到错误消息 User: arn:aws:iam::xxx:user/sms-testing is not authorized to perform: SNS:Publish on resource: +999999999
Note that +999999999is the phone number passed to the .withPhoneNumber()call, so the aws api complains about my IAM user not having the necessary permission to SNS:Publisha message to the resource with that phone number.
请注意,这+999999999是传递给.withPhoneNumber()呼叫的电话号码,因此 aws api 抱怨我的 IAM 用户没有必要的权限来SNS:Publish使用该电话号码向资源发送消息。
My question: How do I create an IAM user which is able to send SMS notifications through the java SDK? Currently, it looks like I would have to create a permission for each number I'm sending messages to, which seems weird and hard to maintain.
我的问题:如何创建能够通过 java SDK 发送 SMS 通知的 IAM 用户?目前,看起来我必须为我要向其发送消息的每个号码创建一个权限,这看起来很奇怪且难以维护。
回答by Dennis H
The error is telling you that your IAM user "sms-testing" does not have permission to publish to SNS (SNS:Publish) to that resource. Your IAM user probably does not have the SNS:Publish permission at all, which means you can't publish anything. If that is the case, you just need to add the following IAM policy to your user OR add the policy to the IAM Group from which your IAM user belongs.
该错误告诉您,您的 IAM 用户“sms-testing”无权向 SNS (SNS:Publish) 发布该资源。您的 IAM 用户可能根本没有 SNS:Publish 权限,这意味着您无法发布任何内容。如果是这种情况,您只需将以下 IAM 策略添加到您的用户或将策略添加到您的 IAM 用户所属的 IAM 组。
The link below should take you right to the IAM console to edit permissions for the "sms-testing" user. Also below is a sample policy allowing the IAM user to publish anything to SNS (SMS, Topics, Endpoints, etc..).
下面的链接应该会将您带到 IAM 控制台,以编辑“sms-testing”用户的权限。下面还有一个示例策略,允许 IAM 用户向 SNS 发布任何内容(SMS、主题、端点等)。
If you want to lock down permissions a bit, you would modify the "Resource" and specify a specific SNS resource like Topic or application arn. If you are unable to edit the IAM user policy, you'll need to get your administrator to add this policy for you.
如果您想稍微锁定权限,您可以修改“资源”并指定特定的 SNS 资源,如主题或应用程序 arn。如果您无法编辑 IAM 用户策略,则需要让您的管理员为您添加此策略。
Modify your IAM user: https://console.aws.amazon.com/iam/home?region=us-east-1#users/sms-testing
修改您的 IAM 用户:https: //console.aws.amazon.com/iam/home?region =us-east-1#users/sms-testing
Sample policy for allowing SNS Publish to ALL resources:
允许 SNS 发布到所有资源的示例策略:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"sns:Publish"
],
"Resource": "*"
}
]
}
Since SNS does not have an SMS resource, you can do a bit of a hack and "Deny" all SNS publishing to Topics and Platform Applications and then allow publish to the rest which leaves only SMS (for now).
由于 SNS 没有 SMS 资源,您可以进行一些黑客攻击并“拒绝”所有 SNS 发布到主题和平台应用程序,然后允许发布到仅留下 SMS 的其余部分(目前)。
Here's a sample policy allowing only publish to SMS and denying publishing to topics and applications (push notifications):
这是一个仅允许发布到 SMS 并拒绝发布到主题和应用程序(推送通知)的示例策略:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Deny",
"Action": [
"sns:Publish"
],
"Resource": "arn:aws:sns:*:*:*"
},
{
"Effect": "Allow",
"Action": [
"sns:Publish"
],
"Resource": "*"
}
]
}
Hope that helps.
希望有帮助。
-Dennis
-丹尼斯
