
Unable to configure SQS queue notification in S3

I created an SQS queue and added a policy under the Permissions tab allowing only my account users to configure the notification.

Policy Document

{
  "Version": "2012-10-17",
  "Id": "arn:aws:sqs:us-east-1:111111111111:sqsqueue/SQSDefaultPolicy",
  "Statement": [
    {
      "Sid": "Sid111111111111",
      "Effect": "Allow",
      "Principal": {
        "AWS": "111111111111"
      },
      "Action": [
        "sqs:SendMessage",
        "sqs:ReceiveMessage"
      ],
      "Resource": "arn:aws:sqs:us-east-1:111111111111:queue"
    }
  ]
}

When I navigate to S3 and try to configure an event notification for the above queue, it throws an error:

Unable to validate the following destination configurations. Permissions on the destination queue do not allow S3 to publish notifications from this bucket. (arn:aws:sqs:us-east-1:111111111111:queue)

Am I doing something wrong? Can someone help me, please?

nurav asked Feb 20 '19 17:02


1 Answer

I was able to resolve this issue by adding "Service": "s3.amazonaws.com" in the Principal tag.

Here is the policy document:

{
  "Version": "2012-10-17",
  "Id": "arn:aws:sqs:us-east-1:111111111111:sqsqueue/SQSDefaultPolicy",
  "Statement": [
    {
      "Sid": "Sid111111111111",
      "Effect": "Allow",
      "Principal": {
        "Service": "s3.amazonaws.com"
      },
      "Action": [
        "sqs:SendMessage",
        "sqs:ReceiveMessage"
      ],
      "Resource": "arn:aws:sqs:us-east-1:111111111111:queue"
    }
  ]
}

This is explained in https://forums.aws.amazon.com/thread.jspa?threadID=173251

SKB answered Sep 21 '22 15:09
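An added example, not part of the question or the answer above: a Python check that audits an SQS queue policy used as an S3 notification destination, run over the two policies on this page and a scoped variant. The scoped variant follows the pattern in AWS's S3 notification documentation (`aws:SourceArn` and `aws:SourceAccount` conditions on the S3 service principal); the bucket name `example-bucket`, the function names and the finding labels are assumptions made for the example.

```python
import json

S3 = "s3.amazonaws.com"
QUEUE_ARN = "arn:aws:sqs:us-east-1:111111111111:queue"  # queue ARN from the page

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_queue_policy(policy):
    """Return findings for a queue policy meant to receive S3 event notifications.

    Only Allow statements that name the S3 service principal are inspected.
    """
    findings, s3_can_send = [], False
    for st in policy.get("Statement", []):
        principal = st.get("Principal", {})
        if st.get("Effect") != "Allow" or not isinstance(principal, dict):
            continue
        if S3 not in _as_list(principal.get("Service", [])):
            continue  # e.g. an account principal: S3 does not publish as that identity
        actions = {a.lower() for a in _as_list(st.get("Action", []))}
        if actions & {"sqs:sendmessage", "sqs:*", "*"}:
            s3_can_send = True
        extra = actions - {"sqs:sendmessage"}
        if extra:  # S3 only needs to send; anything else is excess privilege
            findings.append("extra-actions:" + ",".join(sorted(extra)))
        cond_keys = {k.lower() for op in st.get("Condition", {}).values() for k in op}
        for key in ("aws:SourceArn", "aws:SourceAccount"):
            if key.lower() not in cond_keys:  # unscoped: any bucket, any account
                findings.append("missing-" + key)
    if not s3_can_send:
        findings.insert(0, "s3-cannot-send")
    return findings

def policy(principal, actions, condition=None):
    st = {"Effect": "Allow", "Principal": principal, "Action": actions, "Resource": QUEUE_ARN}
    if condition:
        st["Condition"] = condition
    return {"Version": "2012-10-17", "Statement": [st]}

QUESTION = policy({"AWS": "111111111111"}, ["sqs:SendMessage", "sqs:ReceiveMessage"])
ANSWER = policy({"Service": S3}, ["sqs:SendMessage", "sqs:ReceiveMessage"])
SCOPED = policy({"Service": S3}, "sqs:SendMessage", {  # example-bucket is a placeholder
    "ArnLike": {"aws:SourceArn": "arn:aws:s3:*:*:example-bucket"},
    "StringEquals": {"aws:SourceAccount": "111111111111"}})

if __name__ == "__main__":
    for name, pol in (("question", QUESTION), ("answer", ANSWER), ("scoped", SCOPED)):
        print(name, audit_queue_policy(pol))
    print(json.dumps(SCOPED, indent=2))
```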