IamRoleSNSPublishSQS:
  Type: AWS::SQS::QueuePolicy
  Properties:
    PolicyDocument:
      Version: "2012-10-17"
      Statement:
        - Sid: Allow-SNS-Messages
          Effect: Allow
          Principal:
            AWS: '*'
          Action:
            - "SQS:*"
          Resource: {"Ref": "IncomingEmailSnsTopic"}
          Condition:
            ArnEquals:
              aws:SourceArn: !Ref 'IncomingEmailSnsTopic'
    Queues:
      - {"Ref": "MyQueue"}
That's the policy I've got (it's not failing to update the CloudFormation stack).
When I have that, the message fails to be published to the queue.
If I then update the permissions:
and check this box:
then when a message is published it does go into the queue. What's wrong with the queue policy?
In your queue policy the Resource field is currently pointing to the ARN of the SNS topic.
The Resource field should point to the resource to which the policy applies. In other words, the queue's ARN (another option would be to just use a wildcard).
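A corrected version of the policy from the question, added here as an example and not part of the original answer. It applies the Resource fix described above and, as an additional tightening the answer does not mention, narrows the action to `sqs:SendMessage` and the principal to the SNS service; the resource names `MyQueue` and `IncomingEmailSnsTopic` are taken from the question's template.

```yaml
IamRoleSNSPublishSQS:
  Type: AWS::SQS::QueuePolicy
  Properties:
    Queues:
      # Ref on an AWS::SQS::Queue returns the queue URL, which is what Queues expects
      - !Ref MyQueue
    PolicyDocument:
      Version: "2012-10-17"
      Statement:
        - Sid: Allow-SNS-Messages
          Effect: Allow
          # Only the SNS service may use this statement (added tightening;
          # the question used AWS: '*')
          Principal:
            Service: sns.amazonaws.com
          # SNS only needs to deliver messages (added tightening;
          # the question used "SQS:*")
          Action:
            - sqs:SendMessage
          # The fix from the answer: Resource is the queue's ARN, not the topic's
          Resource: !GetAtt MyQueue.Arn
          Condition:
            ArnEquals:
              # Ref on an AWS::SNS::Topic returns the topic ARN, so only this
              # topic can deliver to the queue
              aws:SourceArn: !Ref IncomingEmailSnsTopic
```

The `aws:SourceArn` condition is what keeps a broad principal from meaning "anyone"; if the wildcard Resource option is used instead, that condition should stay in place.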