 

Amazon ElasticBeanStalk Worker Tier cannot connect to SQS

Currently I'm having issues allowing my worker to connect to SQS. Here is the log:

2014-07-21T21:37:26Z error: AWS::SQS::Errors::AccessDenied: Access to the resource https://sqs.eu-west-1.amazonaws.com/343152361204/dev-compose-request is denied.

dev-compose-request is the name of the Queue.

I am able to post messages from my other ElasticBeanStalk WebApp (server-tier) into this Queue.

My Worker Tier is in a security-group which allows any outbound connection.

asked Jul 21 '14 22:07

Pepster


1 Answer

Sounds similar to: AWS Beanstalk Worker can't start SQS daemon aws-sqsd

http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/AWSHowTo.iam.roles.aeb.html#AWSHowTo.iam.policies.actions.worker

Can you make sure the IAM Instance profile associated with your environment (may be named aws-elasticbeanstalk-ec2-role but could be named something else as well) has all permissions listed in the link above? (Copied below for reference)

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "QueueAccess",
      "Action": [
        "sqs:ChangeMessageVisibility",
        "sqs:DeleteMessage",
        "sqs:ReceiveMessage"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Sid": "MetricsAccess",
      "Action": [
        "cloudwatch:PutMetricData"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}               
answered Oct 11 '22 08:10

Rohit Banga
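A way to check an instance-profile policy document against the worker actions listed in the answer, as an added example that is not part of the original question or answer. The names `missing_actions`, `PRODUCER_ONLY` and `WORKER_SCOPED` are hypothetical, both sample policies are constructed, and the sketch evaluates only `Action`/`Resource` statements in a single identity policy (no `Condition`, `NotAction`, or queue resource policy). It also shows the `QueueAccess` statement scoped to the queue from the log line instead of `"Resource": "*"`.

```python
import re

# Queue from the log line in the question, written as an ARN.
QUEUE_ARN = "arn:aws:sqs:eu-west-1:343152361204:dev-compose-request"
# Actions in the QueueAccess statement quoted in the answer.
REQUIRED = ["sqs:ChangeMessageVisibility", "sqs:DeleteMessage", "sqs:ReceiveMessage"]

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _glob(pattern, value, ignore_case=False):
    # IAM wildcards: '*' matches any run of characters, '?' a single one.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, re.I if ignore_case else 0) is not None

def missing_actions(policy, queue_arn=QUEUE_ARN, required=REQUIRED):
    """Return the required actions the policy does not grant on queue_arn."""
    allowed, denied = set(), set()
    for stmt in _as_list(policy["Statement"]):
        if {"NotAction", "NotResource", "Condition"} & stmt.keys():
            raise ValueError("statement uses elements this sketch does not evaluate")
        on_queue = any(_glob(r, queue_arn) for r in _as_list(stmt["Resource"]))
        for action in required:
            # Action names are case-insensitive; ARNs are matched case-sensitively.
            named = any(_glob(a, action, True) for a in _as_list(stmt["Action"]))
            if on_queue and named:
                (allowed if stmt["Effect"] == "Allow" else denied).add(action)
    # An explicit Deny overrides any Allow.
    return [a for a in required if a not in allowed or a in denied]

# Constructed sample: enough to post messages to the queue, not to consume them.
PRODUCER_ONLY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "sqs:SendMessage", "Resource": QUEUE_ARN}]}

# Constructed sample: the answer's QueueAccess statement, scoped to one queue.
WORKER_SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Sid": "QueueAccess", "Effect": "Allow", "Action": REQUIRED,
     "Resource": QUEUE_ARN}]}

if __name__ == "__main__":
    for name, policy in [("producer-only", PRODUCER_ONLY),
                         ("worker-scoped", WORKER_SCOPED)]:
        print(name, "missing:", missing_actions(policy) or "nothing")
```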