aws/aws-cdk
[aws-cloudtrail] cross-account `Trail`s cannot specify SNS topic
Open
#11,387 created on November 10, 2020
Labels: @aws-cdk/aws-cloudtrail, bug, effort/small, good first issue, p2
Description
Continuation of: #9013 References internal ticket
When creating a new trail using an SNS topic from a secondary account (see code sample below), trail creation fails.
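```ts
import * as cloudtrail from '@aws-cdk/aws-cloudtrail';
import * as sns from '@aws-cdk/aws-sns';

// Runs inside a Stack; dataEventTrailBucket is defined elsewhere (not shown in the issue).
// Import the SNS topic owned by the secondary account by its ARN.
const externAccountTopic = sns.Topic.fromTopicArn(
  this,
  'TopicName',
  'TOPIC_ARN_SECONDARY_ACCOUNT'
);
// Trail in this account that publishes notifications to the imported topic.
const multiAccountTrail = new cloudtrail.Trail(this, 'MultiAccountTrail', {
  bucket: dataEventTrailBucket,
  enableFileValidation: true,
  isMultiRegionTrail: true,
  snsTopic: externAccountTopic,
  trailName: 'MultiAccountTrail'
});
```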
Fails with exception:
"SNS Topic does not exist or the topic policy is incorrect! (Service: AWSCloudTrail; Status Code: 400; Error Code: InsufficientSnsTopicPolicyException; Request ID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx; Proxy: null)"
Related Issue
It looks like this was brought up before, and largely addressed (initial concern was multi-region), but not fixed for multi-account.
Original Issue: #9013
Fixing PR: #9239
Environment
- CDK CLI Version : 1.72.0
- Framework Version: 1.72.0
- Node.js Version: 12.16.2
- OS : OSX Catalina
- Language (Version): TypeScript
Other
This is :bug: Bug Report
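
The exception above names the topic policy, and for a topic owned by another account that policy has to be set in the owning account. As an added example (not code from the issue or from aws-cdk), this offline check tests whether a topic policy document grants the `cloudtrail.amazonaws.com` service principal `SNS:Publish` on the topic. The account ID, topic ARN, sample policies and function names are constructed for illustration, and `Condition` blocks are not evaluated.

```typescript
// Added example: offline check of an SNS topic policy for the CloudTrail grant.
type OneOrMany = string | string[];
interface Statement {
  Effect: "Allow" | "Deny";
  Principal?: "*" | { Service?: OneOrMany; AWS?: OneOrMany };
  Action: OneOrMany;
  Resource: OneOrMany;
  Condition?: Record<string, unknown>; // carried but not evaluated here
}
interface PolicyDocument { Statement: Statement[] }

const asList = (v?: OneOrMany): string[] =>
  v === undefined ? [] : Array.isArray(v) ? v : [v];

// IAM-style match: "*" is a wildcard; action names compare case-insensitively.
function globMatch(pattern: string, value: string, ignoreCase: boolean): boolean {
  const escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*");
  return new RegExp(`^${escaped}$`, ignoreCase ? "i" : "").test(value);
}

// True when the statement names the CloudTrail service principal, sns:Publish and the topic.
function coversCloudTrailPublish(s: Statement, topicArn: string): boolean {
  const principal = s.Principal;
  if (principal === undefined || principal === "*") return false;
  return asList(principal.Service).some(p => p === "cloudtrail.amazonaws.com")
    && asList(s.Action).some(a => globMatch(a, "sns:Publish", true))
    && asList(s.Resource).some(r => globMatch(r, topicArn, false));
}

// An explicit Deny overrides any Allow, as in IAM policy evaluation.
function allowsCloudTrailPublish(policy: PolicyDocument, topicArn: string): boolean {
  const hits = policy.Statement.filter(s => coversCloudTrailPublish(s, topicArn));
  return hits.some(s => s.Effect === "Allow") && !hits.some(s => s.Effect === "Deny");
}

// Constructed sample data: account 222222222222 owns the topic.
const TOPIC_ARN = "arn:aws:sns:us-east-1:222222222222:trail-notifications";
const ownerOnlyPolicy: PolicyDocument = { Statement: [{
  Effect: "Allow", Principal: { AWS: "*" }, Action: ["SNS:Publish", "SNS:Subscribe"],
  Resource: TOPIC_ARN,
  Condition: { StringEquals: { "AWS:SourceOwner": "222222222222" } },
}] };
const withCloudTrailGrant: PolicyDocument = { Statement: [...ownerOnlyPolicy.Statement, {
  Effect: "Allow", Principal: { Service: "cloudtrail.amazonaws.com" },
  Action: "SNS:Publish", Resource: TOPIC_ARN,
}] };
```

`allowsCloudTrailPublish(ownerOnlyPolicy, TOPIC_ARN)` returns `false` and the same call with `withCloudTrailGrant` returns `true`.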