1 Answer
0
Hi! Good question,
From the page you've linked as well, the SES section covers the following under Create an Amazon SES Configuration Set:
- (Part of Step 7): For IAM role, select Let SES make a new role. Enter a name for the role, and then choose Create Role. (As you've mentioned, this is where the guidance stops).
- The role will need 2 specific things: 1. The Trust Relationship configured to allow SES to use the role. 2. The Permissions for the Role to write to Firehose.
- The Trust Relationship should look like the following (Note the Conditions for SourceAccount and SourceArn to limit the usage for your specific purpose):
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": "ses.amazonaws.com"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "AWS:SourceAccount": "123456789012",
          "AWS:SourceArn": "arn:aws:ses:us-east-1:123456789012:configuration-set/configuration-set-name"
        }
      }
    }
  ]
}
```
And the policy with permissions (either Inline or Managed Policy) should look like the following:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Action": [
        "firehose:PutRecordBatch"
      ],
      "Resource": [
        "arn:aws:firehose:us-east-1:123456789012:deliverystream/delivery-stream-name"
      ]
    }
  ]
}
```
Keep in mind you'll need to replace the region, account number, delivery-stream-name and configuration-set-name in your ARNs with what you're using.
For more information, check out: https://docs.aws.amazon.com/ses/latest/DeveloperGuide/event-publishing-add-event-destination-firehose.html
Answered 3 years ago
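
An offline check for the two policies in the answer above, added here as an example (it is not part of the original answer or of any AWS tooling). It flags a trust policy that is not pinned to `ses.amazonaws.com` with both `SourceAccount` and `SourceArn`, and a permissions policy that grants more than `firehose:PutRecordBatch` on the one delivery stream. The function names and sample dictionaries are assumptions made for illustration.

```python
ACCOUNT = "123456789012"  # placeholder values, as in the answer above
CONFIG_SET = f"arn:aws:ses:us-east-1:{ACCOUNT}:configuration-set/configuration-set-name"
STREAM = f"arn:aws:firehose:us-east-1:{ACCOUNT}:deliverystream/delivery-stream-name"
def _as_list(value):
    return value if isinstance(value, list) else [value]

def _string_equals(stmt, key):
    # IAM condition keys are case-insensitive: "AWS:SourceArn" matches "aws:SourceArn".
    block = stmt.get("Condition", {}).get("StringEquals", {})
    return [x for k, v in block.items() if k.lower() == key.lower() for x in _as_list(v)]

def audit_trust(policy, account_id, config_set_arn):
    """Return findings for Allow statements not pinned to SES and this configuration set."""
    findings = []
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if services != ["ses.amazonaws.com"] or set(principal) != {"Service"}:
            findings.append("principal is broader than ses.amazonaws.com")
        if _string_equals(stmt, "aws:SourceAccount") != [account_id]:
            findings.append("aws:SourceAccount is not pinned to the account")
        if _string_equals(stmt, "aws:SourceArn") != [config_set_arn]:
            findings.append("aws:SourceArn is not pinned to the configuration set")
    return findings

def audit_permissions(policy, stream_arn):
    """Return findings for anything beyond firehose:PutRecordBatch on the one stream."""
    findings = []
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append("NotAction/NotResource makes the grant open-ended")
        for action in _as_list(stmt.get("Action", [])):
            if action.lower() != "firehose:putrecordbatch":
                findings.append(f"unexpected action: {action}")
        for resource in _as_list(stmt.get("Resource", [])):
            if resource != stream_arn:
                findings.append(f"unexpected resource: {resource}")
    return findings

# Constructed samples: the answer's two policies, plus loosened variants for comparison.
_BASE = {"Effect": "Allow", "Principal": {"Service": "ses.amazonaws.com"}, "Action": "sts:AssumeRole"}
_PIN = {"StringEquals": {"AWS:SourceAccount": ACCOUNT, "AWS:SourceArn": CONFIG_SET}}
SCOPED_TRUST = {"Version": "2012-10-17", "Statement": [{**_BASE, "Condition": _PIN}]}
OPEN_TRUST = {"Version": "2012-10-17", "Statement": [_BASE]}
SCOPED_PERMS = {"Statement": [{"Effect": "Allow", "Action": ["firehose:PutRecordBatch"], "Resource": [STREAM]}]}
BROAD_PERMS = {"Statement": [{"Effect": "Allow", "Action": ["firehose:*"], "Resource": ["*"]}]}
```

An empty list from either function means the policy matches the scoped form shown in the answer; each string in a non-empty list names one place where it is looser.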