Setting up SQS queue permissions

You must set up SQS queue permissions for users to access the queue.

Before you begin

You must complete Creating the SQS queue that is used to receive ObjectCreated notifications.

You can set the SQS queue permissions by using either the Permissions Editor or a JSON policy document.

Procedure

  1. Log in to the AWS Management Console as an administrator.
  2. Go to the SQS Management Console, and then select the queue that you created from the list.
  3. From the Details panel, record the ARN field value.

    For example: arn:aws:sqs:us-east-1:123456789012:MySQSQueueName

  4. To set the SQS queue Access policy (Permissions) by using the AWS Policy generator, complete the following steps:
    1. Select Policy Type > SQS Queue Policy.
    2. Add an Access Policy statement.
    3. From the Access policy tab, click Policy generator, and then configure the following parameters:
      Table 1. Permission parameters
      Parameter Value
      Effect Click Allow.
      Principal Type *(Everybody).
      Actions From the list, select SendMessage
      Amazon Resource Name (ARN) Type your queue ARN: arn:aws:sqs:us-east-1:123456789012:MySQSQueueName
    4. Click Add Conditionals (Optional), and then configure the following parameters:
      Table 2. Add Conditionals (Optional) parameters
      Parameter Value
      Qualifier None
      Condition ARNLike
      Key Type aws:SourceArn.
      Value The ARN of the S3 bucket from when you completed the Finding the S3 bucket that contains the data that you want to collect procedure.

      For example: aws:s3:::my-example-s3bucket

  5. To set the SQS queue permissions by using a JSON policy document, complete the following steps:
    1. Click Add Condition > Add Statement. > Generate Policy.
    2. Copy and paste the following JSON policy into the Access policy window:

      Copy and paste might not preserve the white space in the JSON policy. The white space is required. If the white space is not preserved when you paste the JSON policy, paste it into a text editor and restore the white space. Then, copy and paste the JSON policy from your text editor into the Edit Policy Document window.

      {
        "Version": "2008-10-17",
        "Id": "example-ID",
        "Statement": [
          {
            "Sid": "example-statement-ID",
            "Effect": "Allow",
            "Principal": {
              "AWS": "*"
            },
            "Action": "SQS:SendMessage",
            "Resource": "arn:aws:sqs:us-east-1:123456789012:MySQSQueueName",
            "Condition": {
              "ArnLike": {
                "aws:SourceArn": "arn:aws:s3:::my-example-s3bucket"
              }
            }
          }
        ]
      }
  6. Click Review Policy. Ensure that the data is correct, and then click Save Changes.