lambdaを使ってSNSのアクセスポリシーを取得、変更、更新したいのですが、更新の部分set_topic_attributesが上手くいきません
解決方法を教えて頂きたいです。
py
import os import boto3 import json import ast import logging logger = logging.getLogger() logger.setLevel(logging.INFO) topic_arn = os.environ['topic_arn'] account_no = os.environ['account_no'] sns_client = boto3.client('sns') def lambda_handler(event, context): # snsポリシー取得 sns_policy = get_sns_policy(sns_client, topic_arn) print('sns_policy:',sns_policy) if sns_policy != 'policy_not_exist': # ポリシーの中に'S3-Events'があるかチェック check_policy_result = check_policy(sns_policy) print('check_policy_result:',check_policy_result) if not check_policy_result: # snsポリシー修正 new_sns_policy = mod_sns_policy(sns_policy, topic_arn, account_no) print('new_sns_policy:',new_sns_policy) # 修正したポリシーをsnsにアプデ update_sns_policy(sns_client, new_sns_policy, topic_arn) def get_sns_policy(sns_client, topic_arn): try: response = sns_client.get_topic_attributes(TopicArn=topic_arn) return ast.literal_eval(response['Attributes']['Policy']) except Exception: return 'policy_not_exist' def check_policy(sns_policy): print(type(sns_policy)) s3_events_flg = False for statement in sns_policy['Statement']: # キー"Sid"がある場合 かつ 値が "S3-Events"の場合 if "Sid" in statement.keys() and statement["Sid"] == "S3-Events": print('S3-Events Yes it is') s3_events_flg = True return s3_events_flg else: print('S3-Events No it isnt') return s3_events_flg def mod_sns_policy(sns_policy, topic_arn, account_no): print('mod_sns_policy_function') new_statement = { "Sid": "S3-Events","Effect": "Allow", "Principal": {"Service": "s3.amazonaws.com"}, "Action": "sns:Publish", "Resource": topic_arn, "Condition": {"StringEquals": { "AWS:SourceAccount": account_no }} } sns_policy['Statement'].append(new_statement) return sns_policy def update_sns_policy(sns_client, new_sns_policy, topic_arn): print('update_sns_policy_function') jsondumps_new_sns_policy = json.dumps(new_sns_policy) str_new_sns_policy = str(new_sns_policy) try: sns_client.set_topic_attributes( TopicArn=topic_arn, AttributeName='DeliveryPolicy', AttributeValue=str_new_sns_policy ) except Exception as e: logger.error(e)
Lambda設定
- ライタイム:Python 3.9
- アーキテクチャ:x86_64
試したこと
sns_client.set_topic_attributes()
のAttributeValue=
に入る部分を、json.dumpsやstrなどの形に変換して試してみました。
new_sns_policy
(pythonのdict形式のまま)の場合
[ERROR] 2022-03-20T12:57:40.342Z 11dd47c8-2cb7-4240-a382-74a016619469 Parameter validation failed: Invalid type for parameter AttributeValue, value: { ポリシー の中身(割愛) }, type: <class 'dict'>, valid types: <class 'str'>
json.dumps(new_sns_policy)
の場合
[ERROR] 2022-03-20T12:25:00.778Z eac745dd-e649-492d-b551-bab8bb62fcb6 An error occurred (InvalidParameter) when calling the SetTopicAttributes operation: Invalid parameter: DeliveryPolicy: Unexpected JSON member: Version
str(new_sns_policy)
の場合
[ERROR] 2022-03-20T12:54:13.830Z 404be517-147f-4fe8-929a-6788049c068c An error occurred (InvalidParameter) when calling the SetTopicAttributes operation: Invalid parameter: DeliveryPolicy: Invalid JSON: Unexpected character (''' (code 39)) at [line: 1, column: 3]: was expecting double-quote to start field name
まだ回答がついていません
会員登録して回答してみよう