Read Queue Policy

aws sqs --region ${region} get-queue-attributes --queue-url ${sqs_url} --attribute-names Policy

Attach access policy to a Queue

This is a bit tricky, as unlike other AWS commands,set-queue-attributes needs json file as a string in another json file, so we first create a json policy file like below and then use it to attach it to the queue.

cat >sqs.json <<-EOT
{
"Policy" : "{ \"Statement\" : [ { \"Action\" : \"SQS:SendMessage\", \"Effect\" : \"Allow\", \"Sid\": \"AllowPESends\", \"Principal\" : { \"AWS\" : \"*\" }, \"Condition\" : { \"ArnEquals\" : { \"aws:SourceArn\" : \"${sns_topic_arn}\" } }, \"Resource\" : \"${sqs_arn}\" } ], \"Id\" : \"SQSPESendPolicy\", \"Version\" : \"2012-10-17\" }"
}
EOT

aws sqs set-queue-attributes --region ${region} --queue-url ${sqs_url} --attributes file://sqs.json

Add permission to a queue

aws sqs add-permission --region ${region} --queue-url ${sqs_url} --label SendMessagesFromMyQueue --aws-account-ids 12345EXAMPLE --actions SendMessage

Remove a permission from a queue

aws sqs remove-permission --region ${region} --queue-url ${sqs_url} --label SendMessagesFromMyQueue