Skip to content

Instantly share code, notes, and snippets.

Last active November 15, 2023 02:58
  • Star 37 You must be signed in to star a gist
  • Fork 11 You must be signed in to fork a gist
Star You must be signed in to star a gist
What would you like to do?
SQS Policy to allow an S3 bucket to publish messages
"Version": "2012-10-17",
"Statement": [
"Sid": "example-statement-ID",
"Effect": "Allow",
"Principal": {
"AWS": "*"
"Action": "SQS:SendMessage",
"Condition": {
"ArnLike": {
"aws:SourceArn": "arn:aws:s3:*:*:YOUR-S3-BUCKET"
Copy link

This Solved the problem.


Copy link

Can we do a wildcard "aws:SourceArn": "arn:aws:s3:::bucket-name*" ? I tried and it didn't work for me. Wondering if you guys have any suggestions. I am OK with limiting even to the account level. Thanks!

Copy link

Thanks Marcelo Gornstein for sharing this information it's really helpful.

Copy link

byung-u commented Jun 26, 2020

Thank you, it's really helpful for me.

Copy link

jklacy3 commented Jul 25, 2020

hmm. can't get this to work. i created a empty S3 bucket, tried to create sqs notification action. Still getting queue permission error queue. Any ideas?

Copy link


Copy link

what if I want to use the same queue in a multiply bucket, then what all changes need to do in the above Policy.

Copy link


I understand what AWS-REGION represent, What AWS-ACCOUNT-ID represent and what QUEUE-NAME but please does SQSDefaultPolicy represent??

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment