Feeding SQS Queues available in two different AWS Accounts

Question

For putting messages to SQS Queues and getting a connection, we need to have a key for the account/user.

I want to feed messages to two queues which are available in two different AWS Accounts. How can I achieve that? As far as my understanding is, we can setup only one access/key credentials hence we cannot talk to two queues available in two different AWS Accounts.

Any help would be appreciated. Thanks!

Answer 1

You can use credentials from one account ("Account A") to make API calls to an Amazon SQS queue in a different account ("Account B").

Simply add a policy to the SQS queue in the target account (Account B). Here is a sample policy from the Using Identity-Based Policies (IAM) Policies for Amazon SQS documentation:

The following example policy grants AWS account number 111122223333 the SendMessage permission for the queue named 444455556666/queue1 in the US East (Ohio) region.

{
  "Version": "2012-10-17",
  "Id": "Queue1_Policy_UUID",
  "Statement": [
    {
      "Sid":"Queue1_SendMessage",
      "Effect": "Allow",
      "Principal": {
        "AWS": "111122223333"
      },
      "Action": "sqs:SendMessage",
      "Resource": "arn:aws:sqs:us-east-2:444455556666:queue1"
    }
  ]  
}