Currently I'm having issues to allow my worker to connect to SQS. Here is the log:
2014-07-21T21:37:26Z error: AWS::SQS::Errors::AccessDenied: Access to the resource https://sqs.eu-west-1.amazonaws.com/343152361204/dev-compose-request is denied.
dev-compose-request is the name of the Queue.
I am able to post messages from my other ElasticBeanStalk WebApp (server-tier) into this Queue.
My Worker Tier is in a security-group which allows any outbound connection.
Sounds similar to: AWS Beanstalk Worker can't start SQS daemon aws-sqsd
http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/AWSHowTo.iam.roles.aeb.html#AWSHowTo.iam.policies.actions.worker
Can you make sure the IAM Instance profile associated with your environment (may be named aws-elasticbeanstalk-ec2-role but could be named something else as well) has all permissions listed in the link above? (Copied below for reference)
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "QueueAccess",
"Action": [
"sqs:ChangeMessageVisibility",
"sqs:DeleteMessage",
"sqs:ReceiveMessage"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Sid": "MetricsAccess",
"Action": [
"cloudwatch:PutMetricData"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With