Allow access to AWS SQS queues by region

Question

Allow access to AWS SQS queues by region

I have an AWS SQS queue with a permission policy that looks like this:

{
  "Version": "2012-10-17",
  "Id": "arn:aws:sqs:us-east-1:123123123:default_staging/SQSDefaultPolicy",
  "Statement": [
    {
      "Sid": "Sid123123123123",
      "Effect": "Allow",
      "Principal": {
        "AWS": "123123123123"
      },
      "Action": "SQS:*",
      "Resource": "arn:aws:sqs:us-east-1:123123123123123:default_staging"
    }
  ]
}

Unfortunately, I cannot queue messages default_stagingfrom my AWS server in another region.

I can add messages to default_stagingfrom my other region if I set the permission policy for wide disclosure.

How can I customize my policy to allow action SQS:*in all my regions?

+4

amazon-web-services amazon-sqs

Jason swett Sep 11 '15 at 16:23

source share

1 answer

kixorz · Accepted Answer · 2015-09-11T18:46:22+0000

Exchange SQSby region is possible using the correct permissions IAMand, most importantly SQS URL, which you need to provide for yours AWS SDK.

.

, , IAM, SQSUser :

{
  "Version": "2012-10-17",
  "Id": "arn:aws:sqs:us-east-1:123123123123:default_staging/SQSDefaultPolicy",
  "Statement": [
    {
      "Sid": "Sid89345945989988",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::123123123123:user/SQSUser"
      },
      "Action": "SQS:*",
      "Resource": "arn:aws:sqs:us-east-1:123123123123:default_staging"
    }
  ]
}

:

      "Principal": {
        "AWS": "arn:aws:iam::123123123123:user/SQSUser"
      },

Allow access to AWS SQS queues by region

More articles: