...
| Info |
|---|
|
): Indicates a list that is dynamically populated based on the configuration.Field Name | Field Type | Field Dependency | Description | |
|---|---|---|---|---|
Label* Default Value: N/A | String | N/A | Specify a unique label for the account. | |
Access-key ID Default Value: N/A | String/Expression | N/A | Specify the access key ID of AWS authentication. | |
Secret key Default Value: N/A | String/Expression | N/A | Specify the secret key of AWS authentication. | |
Security token Default Value: N/A | String/Expression | N/A | Specify a security token that is part of AWS Security Token Service (STS) credentials. Note that only global STS regions are supported. | |
IAM role Default Value: Not selected | Checkbox | N/A | Select this checkbox to use the IAM role stored in the EC2 instance to access SNS. In this case, Access-key ID and Secret key are ignored. This feature is valid only in EC2-type Groundplex. For more information on IAM Roles, see IAM roles for Amazon EC2. You can use an IAM role to manage temporary credentials for applications running on an EC2 instance and making AWS CLI or AWS API requests. This is preferable to storing access keys within the Amazon Elastic Compute Cloud EC2 (Amazon EC2) instance. To assign an AWS role to an EC2 instance and make it available to all of its applications, you create an instance profile attached to the instance. An instance profile contains the role and enables programs that are running on the EC2 instance to get temporary credentials. For more information, see Using an IAM role to grant permissions to applications running on Amazon EC2 instances in the IAM User Guide. | |
Cross Account IAM Role | Use this fieldset to set up cross-account IAM role access. It consists of the following fields. | |||
Role ARN Default Value: None | String/Expression | N/A | Specify the Amazon Resource Name of the role to assume. | |
External ID Default Value: None | String/Expression | N/A | Specify an optional external ID that might be required by the role to assume. | |
Enable large message support Default value: Deselected | Checkbox | When you select this checkbox, the S3 fields to configure for supporting large messages display. | Select this checkbox to enable the SNS Publish Message Snap to send and receive messages greater than 256 KB. When you select this checkbox, the S3 fields appear. The AWS SNS Extended Client Library for Java uses S3 only if the message size is greater than 256 KB. | |
S3 Configuration for Large Message Support | Use this field set to configure the S3 bucket details for processing large messages. | |||
S3 Bucket Default Value: N/A | String/Expression | Appears when you select the Enable Large Message Support checkbox. | Specify the S3 Bucket name residing in an external AWS account. If the field is left empty, the default region (the region of the EC2 instance, or us-west-2 if the JCC is not on a EC2) is used. | |
S3 Bucket region Default value: N/A | String/Expression/Suggestion | Appears when you select the Enable Large Message Support checkbox. | Specify the region where the S3 Bucket is located. | |
S3 Credentials Default value: Use SNS Credentials | String/Expression | Appears when you select the Enable Large Message Support checkbox. | Choose the S3 credentials for the S3 Bucket. The available options are:
| |
S3 access key ID Default Value: N/A | String/Expression | Appears when you select Provide Separate Credentials for S3 Credentials. | Specify the S3 access key ID that you want to use for AWS authentication. | |
S3 Secret Key Default Value: N/A | String/Expression | Appears when you select Provide Separate Credentials for S3 Credentials. | Specify the S3 secret key associated with the S3 Access-ID key listed in the S3 Access-key ID field. | |
S3 Security Token Default Value: N/A | String/Expression | Appears when you select Provide Separate Credentials for S3 Credentials. | Specify a security token that is part of AWS Security Token Service (STS) credentials. Note that only global STS regions are supported. | |
Use EC2 Role Default Value: Deselected | Checkbox | Appears when you select Provide Separate Credentials for S3 Credentials. | Select this checkbox to use the Amazon Elastic Cloud Compute Role. An EC2 (Elastic Compute Cloud) role is an AWS IAM role that is assigned to an EC2 instance. This role allows the instance to access AWS resources and services based on the permissions that are assigned to the role. | |
Assumed role ARN Default Value: N/A | String/Expression | Appears when you select Provide Separate Credentials for S3 Credentials. | Specify the Amazon Resource Name of the role to assume. An assumed role ARN in AWS is a unique identifier for an AWS Identity and Access Management (IAM) role that an AWS resource or an external user can assume to access resources in your account. In this example:
| |
Assumed role External ID Default Value: N/A | String/Expression | Appears when you select Provide Separate Credentials for S3 Credentials. | Specify an external ID that may be required by the role to assume. An External ID is an optional value that you can use to add additional security when you grant access to an IAM role. The external ID helps ensure that only authorized entities can assume the role, even if they have access to the role's ARN and the calling account's credentials. When you grant access to the IAM role, you provide this value to the entity that is assuming the role, with the role's ARN. Then, when the entity attempts to assume the role, you must provide the correct External ID value to be granted access. | |
Amazon SNS Account Configuration Scenarios
The following are the possible configuration combinations for the Amazon SNS account:
Scenario | Authentication Type | Other Details |
|---|---|---|
When you configure the account using the Access Key ID, Secret key, and Security token. | The SNS credentials are used for authentication. | Specify values in the following fields:
Learn more about Generating Access and Secret Keys in AWS. |
IAM Role | ||
When you configure the account using the IAM Role. | The IAM role attached to the EC2 instance is used for authentication. This role is assigned to an EC2 instance where the pipelines run. | You do not have to provide the Access Key ID and Secret key. Select the IAM role checkbox for an account used in EC2 Groundplex that has the IAM role assigned. |
When you configure the SNS account using the IAM Role with the Enable large message support checkbox selected. | ||
When you select Use SNS Credentials for S3 Credentials. | Authenticates using the SNS credentials for S3. | Specify values in the following fields:
|
When you select Provide Separate Credentials for S3 Credentials. | Authenticates using the specified separate S3 credentials. | Specify values in the following fields:
|
Cross Account IAM Role | ||
When you configure the account using the Cross Account IAM Role. | Authenticates using the Role ARN generated in AWS. | Specify values in the following fields:
Learn more about Configuring Cross Account IAM Role Support. |
When you configure the SNS account by selecting the Cross Account IAM Role and the Enable large message support checkboxes. | ||
When you select Use SNS Credentials for S3 Credentials. | Authenticates using the SNS credentials. | Specify values in the following fields:
You can also configure separate Cross accounts using SNS and S3 credentials. To configure Cross Account using S3 credentials, you must specify values in the following fields:
|
When you select Provide Separate Credentials for S3 Credentials. | Authenticates using the specified S3 credentials. | Specify values in the following fields:
|
EC2 Role | ||
When you configure the account using the EC2 Role for S3. | The IAM role attached to the EC2 instance is used for authentication. | Select the Use EC2 Role checkbox. |
When you configure the account using the EC2 Role for S3 with the Cross Account IAM Role. | Authenticates using the Assumed role ARN. | Select the Use EC2 Role checkbox and specify values in the following fields:
Learn more about Configuring an EC2 role for IAM Role in AWS S3 Account |
Troubleshooting
Error | Reason | Resolution |
|---|---|---|
Invalid account configuration. | You might have entered empty or null values in Cross Account IAM Role fields. | Enter valid values for Cross Account IAM Role. |
Validate_account_with_expression. | One or more pipeline parameters must be configured in the pipeline. Validation is not applicable for pipeline parameters. | Do not validate the account if you provide pipeline parameters. |
Account_credentials_missing. | Either Access key or secret key might be empty. | You must provide valid credentials for SNS if the IAM role is disabled. |
Blank or empty S3 Key ID. | Either Access key or Secret key is empty. | Provide a valid Access key and Secret key. |
The message size is greater than 2 GB. | The size of the message size is greater than 2 GB. | The maximum limit for the message size should be 2 GB. |
Snap Pack History
| Expand | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|
|
...