1 Answer
0
Hi! Good question,
From the page you've linked as well, the SES section covers the following under Create an Amazon SES Configuration Set:
- (Part of Step 7): For IAM role, select Let SES make a new role. Enter a name for the role, and then choose Create Role. (As you've mentioned, this is where the guidance stops).
- The role will need 2 specific things: 1. The Trust Relationship configured to allow SES to use the role. 2. The Permissions for the Role to write to Firehose.
- The Trust Relationship should look like the following (Note the Conditions for SourceAccount and SourceArn to limit the usage for your specific purpose):
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": "ses.amazonaws.com"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "AWS:SourceAccount": "123456789012",
          "AWS:SourceArn": "arn:aws:ses:us-east-1:123456789012:configuration-set/configuration-set-name"
        }
      }
    }
  ]
}
```
And the policy with permissions (either Inline or Managed Policy) should look like the following:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Action": [
        "firehose:PutRecordBatch"
      ],
      "Resource": [
        "arn:aws:firehose:us-east-1:123456789012:deliverystream/delivery-stream-name"
      ]
    }
  ]
}
```
Keep in mind you'll need to replace the region, account number, delivery-stream-name and configuration-set-name in your ARNs with what you're using.
For more information, check out: https://docs.aws.amazon.com/ses/latest/DeveloperGuide/event-publishing-add-event-destination-firehose.html
Answered 3 years ago
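An added example, not part of the answer above and not AWS-provided code: it builds the two policy documents in the shape the answer shows and audits them for the scoping the answer calls out (the SourceAccount/SourceArn conditions on the trust relationship, and a single delivery stream in the permissions). The function names `build_policies` and `audit` are hypothetical, and the account, region and resource names are the placeholders from the answer.

```python
import json

SES = "ses.amazonaws.com"

def as_list(v):
    return v if isinstance(v, list) else [v]

def build_policies(region, account, config_set, stream):
    """Build the trust and permissions documents in the shape the answer shows."""
    trust = {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": SES},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {
            "AWS:SourceAccount": account,
            "AWS:SourceArn": f"arn:aws:ses:{region}:{account}:configuration-set/{config_set}"}}}]}
    perms = {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": ["firehose:PutRecordBatch"],
        "Resource": [f"arn:aws:firehose:{region}:{account}:deliverystream/{stream}"]}]}
    return trust, perms

def audit(trust, perms, account):
    """Return findings for a role meant to let SES write to one Firehose stream."""
    findings = []
    for st in as_list(trust.get("Statement", [])):
        principal = st.get("Principal")
        services = as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if st.get("Effect") != "Allow" or SES not in services:
            continue
        # Condition key names are case-insensitive; only StringEquals is inspected here.
        cond = {k.lower(): as_list(v)
                for k, v in st.get("Condition", {}).get("StringEquals", {}).items()}
        if cond.get("aws:sourceaccount") != [account]:
            findings.append("trust: aws:SourceAccount does not pin the account")
        arns = cond.get("aws:sourcearn", [])
        if not arns or not all(a.startswith("arn:aws:ses:") and "*" not in a
                               and f":{account}:configuration-set/" in a for a in arns):
            findings.append("trust: aws:SourceArn does not name a single configuration set")
    for st in as_list(perms.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        if any("*" in a for a in as_list(st.get("Action", []))):
            findings.append("permissions: wildcard action")
        if any(r == "*" or r.endswith("/*") for r in as_list(st.get("Resource", []))):
            findings.append("permissions: resource not limited to one delivery stream")
    return findings

if __name__ == "__main__":
    t, p = build_policies("us-east-1", "123456789012", "configuration-set-name", "delivery-stream-name")
    print(json.dumps(t, indent=2), audit(t, p, "123456789012"))
```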