I'm using the AWS SQS service, and I'm having a hard time defining permissions on my SQS queue. In my setup I'm using the AWS Lambda service, which is triggered when an object is pushed onto an S3 bucket.
However to keep my question briefly, this is what I want to achieve:
As you can read from previous use-case, I want my AWS Lambda method to be the only application, which can send a message to the SQS queue. I've tried to set a principal and a condition "sourceArn". But none of them work..
Can anyone help?
I don't think the SourceArn
field gets populated by Lambda. I know SourceArn works for SNS, but Lambda is really running arbitrary code, not an AWS feature like SNS.
As an alternative, you can attach a policy to the IAM Role your Lambda function runs as.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1440529349000",
"Effect": "Allow",
"Action": [
"sqs:SendMessage"
],
"Resource": [
"arn:aws:sqs:us-west-2:123456789012:test-queue"
]
}
]
}
This method does not require a policy directly attached to the queue.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With