Last active
December 4, 2023 07:07
SQS Policy to allow an S3 bucket to publish messages
{
  "Version": "2012-10-17",
  "Id": "arn:aws:sqs:YOUR-AWS-REGION:YOUR-AWS-ACCOUNT-ID:YOUR-QUEUE-NAME/SQSDefaultPolicy",
  "Statement": [
    {
      "Sid": "example-statement-ID",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "SQS:SendMessage",
      "Resource": "arn:aws:sqs:YOUR-AWS-REGION:YOUR-AWS-ACCOUNT-ID:YOUR-QUEUE-NAME",
      "Condition": {
        "ArnLike": {
          "aws:SourceArn": "arn:aws:s3:*:*:YOUR-S3-BUCKET"
        }
      }
    }
  ]
}
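An added example, not part of the original gist: a Python helper that builds this queue policy with the S3 service principal, an `aws:SourceAccount` condition and a list of bucket ARNs (values listed under one condition key are OR-ed), plus a check that flags the wildcard-principal form. It goes beyond the single-bucket case above; the function names, the Sid and the sample region, account ID, queue and bucket names are constructed for illustration.

```python
import json

def build_queue_policy(region, account_id, queue_name, bucket_names):
    """Queue policy letting S3 event notifications from the listed buckets send messages."""
    queue_arn = f"arn:aws:sqs:{region}:{account_id}:{queue_name}"
    return {
        "Version": "2012-10-17",
        "Id": f"{queue_arn}/SQSDefaultPolicy",
        "Statement": [{
            "Sid": "AllowS3EventNotifications",  # hypothetical Sid
            "Effect": "Allow",
            "Principal": {"Service": "s3.amazonaws.com"},
            "Action": "SQS:SendMessage",
            "Resource": queue_arn,
            "Condition": {
                # Several values under one key are OR-ed: any listed bucket matches.
                "ArnLike": {"aws:SourceArn": [f"arn:aws:s3:::{b}" for b in bucket_names]},
                # Assumption: the buckets live in the same account as the queue.
                "StringEquals": {"aws:SourceAccount": account_id},
            },
        }],
    }

def _as_list(value):
    return [] if value is None else value if isinstance(value, list) else [value]

def audit_queue_policy(policy):
    """Return (Sid, finding) pairs for Allow statements that are open too widely."""
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        principal = stmt.get("Principal")
        aws = principal.get("AWS") if isinstance(principal, dict) else None
        wildcard = principal == "*" or "*" in _as_list(aws)
        service = isinstance(principal, dict) and "Service" in principal
        keys = {k.lower() for op in stmt.get("Condition", {}).values() for k in op}
        if wildcard and "aws:sourcearn" not in keys:
            findings.append((sid, "wildcard principal with no aws:SourceArn condition"))
        elif wildcard:
            findings.append((sid, "wildcard principal; name the service principal instead"))
        if (wildcard or service) and "aws:sourceaccount" not in keys:
            findings.append((sid, "no aws:SourceAccount condition"))
    return findings

if __name__ == "__main__":
    policy = build_queue_policy("us-east-1", "111122223333", "uploads", ["bucket-a", "bucket-b"])
    print(json.dumps(policy, indent=2), audit_queue_policy(policy))
```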
Thanks, Marcelo Gornstein, for sharing this information; it's really helpful.
Thank you, it's really helpful for me.
Hmm. Can't get this to work. I created an empty S3 bucket, tried to create an SQS notification action. Still getting a queue permission error. Any ideas?
<3
What if I want to use the same queue with multiple buckets? What changes do I need to make in the above policy?
YOUR-AWS-REGION:YOUR-AWS-ACCOUNT-ID:YOUR-QUEUE-NAME/SQSDefaultPolicy",
I understand what AWS-REGION represents, what AWS-ACCOUNT-ID represents and what QUEUE-NAME represents, but please, what does SQSDefaultPolicy represent?
Can we do a wildcard "aws:SourceArn": "arn:aws:s3:::bucket-name*" ? I tried and it didn't work for me. Wondering if you guys have any suggestions. I am OK with limiting even to the account level. Thanks!