AWS IAM user policy to restrict access to specific SQS queue

Question

I'm trying to setup a user policy for a AWS IAM user to access a specific AWS SQS queue.

When I try with below policy, I get the error AccessDenied.

{
  "Statement": [
    {
      "Action": ["sqs:*"],
      "Effect": "Allow",
      "Resource": ["arn:aws:sqs:us-east-1:my_aws_account_id:queue_name"]
    }
  ]
}

However, when I trying using the same policy, only replacing the queue_name part of arn with *, it works:

{
  "Statement": [
    {
      "Action": ["sqs:*"],
      "Effect": "Allow",
      "Resource": ["arn:aws:sqs:us-east-1:my_aws_account_id:*"]
    }
  ]
}

What could be the problem when trying to restrict access to specific queue?

Answer 1

What action are you trying to perform with the queue-specific policy? I did the following:

1. Created a queue (all default values)
2. Defined an IAM user and added a user policy identical in format to your #1
3. Added a message, retrieved a message and deleted a message - NO PROBLEM
4. Performed an action above the queue level (like list queues) ERROR