Skip to content

Instantly share code, notes, and snippets.

@marcelog
Last active December 4, 2023 07:07
Show Gist options
  • Star 38 You must be signed in to star a gist
  • Fork 11 You must be signed in to fork a gist
  • Save marcelog/7b0224b63c90802996ab2dee7d7082e4 to your computer and use it in GitHub Desktop.
Save marcelog/7b0224b63c90802996ab2dee7d7082e4 to your computer and use it in GitHub Desktop.
SQS Policy to allow an S3 bucket to publish messages
{
"Version": "2012-10-17",
"Id": "arn:aws:sqs:YOUR-AWS-REGION:YOUR-AWS-ACCOUNT-ID:YOUR-QUEUE-NAME/SQSDefaultPolicy",
"Statement": [
{
"Sid": "example-statement-ID",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "SQS:SendMessage",
"Resource": "arn:aws:sqs:YOUR-AWS-REGION:YOUR-AWS-ACCOUNT-ID:YOUR-QUEUE-NAME",
"Condition": {
"ArnLike": {
"aws:SourceArn": "arn:aws:s3:*:*:YOUR-S3-BUCKET"
}
}
}
]
}
@chuong-dao
Copy link

Can we do a wildcard "aws:SourceArn": "arn:aws:s3:::bucket-name*" ? I tried and it didn't work for me. Wondering if you guys have any suggestions. I am OK with limiting even to the account level. Thanks!

@nikhilshinde57
Copy link

Thanks Marcelo Gornstein for sharing this information it's really helpful.

@byung-u
Copy link

byung-u commented Jun 26, 2020

Thank you, it's really helpful for me.

@jklacy3
Copy link

jklacy3 commented Jul 25, 2020

hmm. can't get this to work. i created a empty S3 bucket, tried to create sqs notification action. Still getting queue permission error queue. Any ideas?

@melvin-felix
Copy link

<3

@vinay2696
Copy link

what if I want to use the same queue in a multiply bucket, then what all changes need to do in the above Policy.

@wale1974
Copy link

YOUR-AWS-REGION:YOUR-AWS-ACCOUNT-ID:YOUR-QUEUE-NAME/SQSDefaultPolicy",

I understand what AWS-REGION represent, What AWS-ACCOUNT-ID represent and what QUEUE-NAME but please does SQSDefaultPolicy represent??

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment