AWS IAM user policy to restrict access to specific SQS queue
Question
I'm trying to setup a user policy for a AWS IAM user to access a specific AWS SQS queue.
When I try with below policy, I get the error AccessDenied.
{
"Statement": [
{
"Action": ["sqs:*"],
"Effect": "Allow",
"Resource": ["arn:aws:sqs:us-east-1:my_aws_account_id:queue_name"]
}
]
}
However, when I trying using the same policy, only replacing the queue_name part of arn with *, it works:
{
"Statement": [
{
"Action": ["sqs:*"],
"Effect": "Allow",
"Resource": ["arn:aws:sqs:us-east-1:my_aws_account_id:*"]
}
]
}
What could be the problem when trying to restrict access to specific queue?
2 answers
solution1
4 2012-10-28 21:58:16
What action are you trying to perform with the queue-specific policy? I did the following:
- Created a queue (all default values)
- Defined an IAM user and added a user policy identical in format to your #1
- Added a message, retrieved a message and deleted a message - NO PROBLEM
- Performed an action above the queue level (like list queues) ERROR
solution2
0 2018-08-23 22:23:10
我遇到了类似情况,发现"arn:aws:sqs:*:*:queue_name"对我"arn:aws:sqs:*:*:queue_name" 。
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.