以 SQS 队列为目标的 CloudWatch 事件无法工作

Posted

技术标签:

【中文标题】以 SQS 队列为目标的 CloudWatch 事件无法工作【英文标题】:CloudWatch Event that targets SQS Queue fails to work 【发布时间】:2019-01-30 02:57:19 【问题描述】:

根据本文,可以将 SQS 设置为预定 CloudWatch 事件的目标:

https://aws.amazon.com/ru/about-aws/whats-new/2016/03/cloudwatch-events-now-supports-amazon-sqs-queue-targets/

我创建了一个简单的 Cloud Formation 模板,旨在每分钟触发 CloudWatch 事件,因此新消息应出现在 SQS 中,但由于 SQS 中没有消息,因此缺少某些内容。

代码:


"AWSTemplateFormatVersion": "2010-09-09",
"Description": "stack 1",
"Parameters": 

,
"Resources": 
    "MyQueue": 
        "Type": "AWS::SQS::Queue",
        "Properties": 
            "QueueName": "MyQueue"
        
    ,
    "MyRole": 
        "Type": "AWS::IAM::Role",
        "Properties": 
            "RoleName": "MyRole",
            "AssumeRolePolicyDocument": 
                "Version": "2012-10-17",
                "Statement": [
                    "Effect": "Allow",
                    "Principal": 
                        "Service": ["events.amazonaws.com", "lambda.amazonaws.com"]
                    ,
                    "Action": "sts:AssumeRole"
                ]
            ,
            "Path": "/",
            "Policies": [
                "PolicyName": "CloudWatchPolicy",
                "PolicyDocument": 
                    "Version": "2012-10-17",
                    "Statement": [
                        "Effect": "Allow",
                        "Action": "*",
                        "Resource": "*"
                    ]
                
            ]
        
    ,
    "MyRule": 
        "Type": "AWS::Events::Rule",
        "Properties": 
            "Description": "A rule to schedule data update",
            "Name": "MyRule",
            "ScheduleExpression": "rate(1 minute)",
            "State": "ENABLED",
            "RoleArn": 
                "Fn::GetAtt": ["MyRole",
                "Arn"]
            ,
            "Targets": [
                "Arn": 
                    "Fn::GetAtt": ["MyQueue",
                    "Arn"]
                ,
                "Id": "MyRule"
            ]
        
    
,
"Outputs": 


那里可能有什么问题?我应该添加一个队列侦听器来显示消息吗?

问题 #2:

关于 CloudWatch 事件规则目标 的文档声明 Id 是必填字段:

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-events-rule-target.html

虽然 AWS::SQS::Queue 根本没有这样的属性(只有 Name 存在):

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sqs-queues.html#aws-properties-sqs-queues-prop

当使用 SQS 作为目标时,CloudWatch 事件规则目标 Id 属性应该放什么?

非常感谢。

【问题讨论】:

您的模板有效吗?我认为RoleArn 应该是 Amazon CloudWatch 事件规则目标的属性。除此之外,你的模板应该按照你说的做,(AFAIK) 感谢您的帮助,@yorodm。是的,基于此模板成功创建了堆栈(尽管队列中没有消息)。如果我将 RoleArn 添加到 Rule Traget 堆栈创建过程中会显示以下错误:RoleArn is not supported for target arn:aws:sqs:eu-west-1:***:MyQueue 【参考方案1】:

我的模板中缺少的部分是 AWS::SQS::QueuePolicy

工作模板:

    
     "AWSTemplateFormatVersion": "2010-09-09",
     "Description": "stack 1",
     "Parameters": ,
     "Resources": 
        "MyPolicy": 
            "Type": "AWS::IAM::Policy",
            "Properties": 
                "PolicyDocument": 
                    "Statement": [
                        "Action": "sqs:*",
                        "Effect": "Allow",
                        "Resource": 
                            "Fn::GetAtt": ["MyQueue",
                            "Arn"]
                        
                    ],
                    "Version": "2012-10-17"
                ,
                "PolicyName": "MyPolicyName",
                "Roles": [
                    "Ref": "MyRole"
                ]
            
        ,
        "MyRole": 
            "Type": "AWS::IAM::Role",
            "Properties": 
                "AssumeRolePolicyDocument": 
                    "Statement": [
                        "Action": "sts:AssumeRole",
                        "Effect": "Allow",
                        "Principal": 
                            "Service": ["events.amazonaws.com",
                            "sqs.amazonaws.com"]
                        
                    ],
                    "Version": "2012-10-17"
                
            
        ,
        "MyQueue": 
            "Type": "AWS::SQS::Queue",
            "Properties": 
                "QueueName": "MyQueue2"
            
        ,
        "MyRule": 
            "Type": "AWS::Events::Rule",
            "Properties": 
                "Description": "A rule to schedule data update",
                "Name": "MyRule",
                "ScheduleExpression": "rate(1 minute)",
                "State": "ENABLED",
                "RoleArn": 
                    "Fn::GetAtt": ["MyRole",
                    "Arn"]
                ,
                "Targets": [
                    "Arn": 
                        "Fn::GetAtt": ["MyQueue",
                        "Arn"]
                    ,
                    "Id": "MyRule1",
                    "Input": "\"a\":\"b\""
                ]
            
        ,
        "MyQueuePolicy": 
            "DependsOn": ["MyQueue", "MyRule"],
            "Type": "AWS::SQS::QueuePolicy",
            "Properties": 
                "PolicyDocument": 
                    "Version": "2012-10-17",
                    "Id": "MyQueuePolicy",
                    "Statement": [                     
                        "Effect": "Allow",
                        "Principal": 
                            "Service": ["events.amazonaws.com",
                            "sqs.amazonaws.com"]
                        ,
                        "Action": "sqs:SendMessage",
                        "Resource": 
                            "Fn::GetAtt": ["MyQueue",
                            "Arn"]
                        
                    ]
                ,
                "Queues": [
                    "Ref": "MyQueue"
                ]
            
        
    ,
    "Outputs":         
    

【讨论】:

以上是关于以 SQS 队列为目标的 CloudWatch 事件无法工作的主要内容,如果未能解决你的问题,请参考以下文章

CloudWatch SQS 指标问题上的 AWS Autoscaling

配置 SQS 死信队列以在收到消息时引发云监视警报

基于 SQS 队列大小的自动缩放

如何聚合 AWS SQS ApproximateNumberOfMessages

aws sqs fifo队列和标准队列之间的转换

以消息队列为中心的服务端架构