Setting up SQS queue permissions
You must set up SQS queue permissions for users to access the queue.
Before you begin
You can set the SQS queue permissions by using either the Permissions Editor or a JSON policy document.
Procedure
- Log in to the AWS Management Console as an administrator.
- Go to the SQS Management Console, and then select the queue that you created from the list.
-
From the Details panel, record the ARN field
value.
For example: arn:aws:sqs:us-east-1:123456789012:MySQSQueueName
- To set the SQS queue Access policy (Permissions) by using the
AWS Policy generator, complete the following steps:
- Select Policy Type > SQS Queue Policy.
- Add an Access Policy statement.
- From the Access policy tab, click Policy
generator, and then configure the following parameters:
Table 1. Permission parameters Parameter Value Effect Click Allow. Principal Type *(Everybody). Actions From the list, select SendMessage Amazon Resource Name (ARN) Type your queue ARN: arn:aws:sqs:us-east-1:123456789012:MySQSQueueName - Click Add Conditionals (Optional), and then configure the
following parameters:
Table 2. Add Conditionals (Optional) parameters Parameter Value Qualifier None Condition ARNLike Key Type aws:SourceArn. Value The ARN of the S3 bucket from when you completed the Finding the S3 bucket that contains the data that you want to collect procedure. For example: aws:s3:::my-example-s3bucket
- To set the SQS queue permissions by using a JSON policy document, complete the following
steps:
- Click Add Condition > Add Statement. > Generate Policy.
- Copy and paste the following JSON policy into the Access policy
window:
Copy and paste might not preserve the white space in the JSON policy. The white space is required. If the white space is not preserved when you paste the JSON policy, paste it into a text editor and restore the white space. Then, copy and paste the JSON policy from your text editor into the Edit Policy Document window.
{ "Version": "2008-10-17", "Id": "example-ID", "Statement": [ { "Sid": "example-statement-ID", "Effect": "Allow", "Principal": { "AWS": "*" }, "Action": "SQS:SendMessage", "Resource": "arn:aws:sqs:us-east-1:123456789012:MySQSQueueName", "Condition": { "ArnLike": { "aws:SourceArn": "arn:aws:s3:::my-example-s3bucket" } } } ] }
- Click Review Policy. Ensure that the data is correct, and then click Save Changes.