{ | |
"Version": "2012-10-17", | |
"Id": "arn:aws:sqs:YOUR-AWS-REGION:YOUR-AWS-ACCOUNT-ID:YOUR-QUEUE-NAME/SQSDefaultPolicy", | |
"Statement": [ | |
{ | |
"Sid": "example-statement-ID", | |
"Effect": "Allow", | |
"Principal": { | |
"AWS": "*" | |
}, | |
"Action": "SQS:SendMessage", | |
"Resource": "arn:aws:sqs:YOUR-AWS-REGION:YOUR-AWS-ACCOUNT-ID:YOUR-QUEUE-NAME", | |
"Condition": { | |
"ArnLike": { | |
"aws:SourceArn": "arn:aws:s3:*:*:YOUR-S3-BUCKET" | |
} | |
} | |
} | |
] | |
} |
Can we do a wildcard "aws:SourceArn": "arn:aws:s3:::bucket-name*" ? I tried and it didn't work for me. Wondering if you guys have any suggestions. I am OK with limiting even to the account level. Thanks!
Thanks Marcelo Gornstein for sharing this information it's really helpful.
Thank you, it's really helpful for me.
hmm. can't get this to work. i created a empty S3 bucket, tried to create sqs notification action. Still getting queue permission error queue. Any ideas?
<3
what if I want to use the same queue in a multiply bucket, then what all changes need to do in the above Policy.
YOUR-AWS-REGION:YOUR-AWS-ACCOUNT-ID:YOUR-QUEUE-NAME/SQSDefaultPolicy",
I understand what AWS-REGION represent, What AWS-ACCOUNT-ID represent and what QUEUE-NAME but please does SQSDefaultPolicy represent??
This Solved the problem.
Thanks!!