Manage SQS Access Policy with CLI
Read Queue Policy
aws sqs --region ${region} get-queue-attributes --queue-url ${sqs_url} --attribute-names Policy
Attach access policy to a Queue
This is a bit tricky: unlike other AWS commands, set-queue-attributes needs the policy JSON embedded as an escaped string inside another JSON file. So we first create a JSON attributes file like the one below and then use it to attach the policy to the queue.
cat >sqs.json <<-EOT
{
  "Policy" : "{ \"Statement\" : [ { \"Action\" : \"SQS:SendMessage\", \"Effect\" : \"Allow\", \"Sid\": \"AllowPESends\", \"Principal\" : { \"AWS\" : \"*\" }, \"Condition\" : { \"ArnEquals\" : { \"aws:SourceArn\" : \"${sns_topic_arn}\" } }, \"Resource\" : \"${sqs_arn}\" } ], \"Id\" : \"SQSPESendPolicy\", \"Version\" : \"2012-10-17\" }"
}
EOT
aws sqs set-queue-attributes --region ${region} --queue-url ${sqs_url} --attributes file://sqs.json
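Hand-escaping the inner policy is easy to get wrong, so the following added example (not part of the original post) keeps the policy as readable JSON and generates the escaped wrapper from it. The function names and the sample ARNs are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. ARNs below are constructed sample values.
sns_topic_arn="arn:aws:sns:us-east-1:111122223333:example-topic"
sqs_arn="arn:aws:sqs:us-east-1:111122223333:example-queue"

# Print the queue policy as ordinary, readable JSON (same statement as above).
write_policy() {
    cat <<EOT
{
  "Version": "2012-10-17",
  "Id": "SQSPESendPolicy",
  "Statement": [
    {
      "Sid": "AllowPESends",
      "Effect": "Allow",
      "Principal": { "AWS": "*" },
      "Action": "SQS:SendMessage",
      "Resource": "${sqs_arn}",
      "Condition": { "ArnEquals": { "aws:SourceArn": "${sns_topic_arn}" } }
    }
  ]
}
EOT
}

# Read JSON text on stdin and emit it as the body of a JSON string:
# newlines and tabs become spaces (raw control characters are not allowed
# inside a JSON string), then backslashes and double quotes are escaped.
json_escape() {
    tr '\n\t' '  ' | sed -e 's/ *$//' -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# make_sqs_attributes POLICY_FILE: print the { "Policy": "..." } wrapper.
make_sqs_attributes() {
    printf '{ "Policy": "%s" }\n' "$(json_escape < "$1")"
}

policy_file=$(mktemp)
write_policy > "$policy_file"
# Redirect this output to sqs.json to use it with --attributes file://sqs.json
make_sqs_attributes "$policy_file"
rm -f "$policy_file"
```

Reading the policy back with get-queue-attributes after applying it confirms that the aws:SourceArn condition survived the escaping, since the statement allows any principal and relies on that condition alone.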
Add permission to a queue
aws sqs add-permission --region ${region} --queue-url ${sqs_url} --label SendMessagesFromMyQueue --aws-account-ids 12345EXAMPLE --actions SendMessage
Remove a permission from a queue
aws sqs remove-permission --region ${region} --queue-url ${sqs_url} --label SendMessagesFromMyQueue
Great post. I am facing a couple of these problems.