Intellipaat Back

Explore Courses Blog Tutorials Interview Questions
0 votes
2 views
in AWS by (19.1k points)

I'm trying to create a policy for an SQS queue which would allow any S3 bucket to send events to the queue. I don't seem to be able to do this for a specific S3 queue because I end up with circular dependencies.

I've created a cloudformation template which will create the queue and policy, but when I try and manually set up the S3 bucket to send the events I get a message saying

Permissions on the destination queue do not allow S3 to publish notifications from this bucket

The template section that I'm using to create the policy is:

    "SQSNotifcationFromS3" : {

        "Type" :        "AWS::SQS::QueuePolicy",

        "DependsOn" : "S3Notifications",

        "Properties" : {

            "PolicyDocument" : {

                "Version": "2012-10-17",

                "Id": "SQSIDsimon",

                "Statement": [

                    {

                        "Sid": "example-statement-ID",

                        "Effect": "Allow",

                        "Principal": {

                            "Service": "s3.amazonaws.com"

                            },

                        "Action": "SQS:*",

                        "Resource": { "Ref" : "S3Notifications"}

                    }

                ]                  

            },

            "Queues" :      [ { "Ref" : "S3Queue" } ]

        }

    }

1 Answer

0 votes
by (44.4k points)

Set this permission on the SQS as such that every bucket could add events to it:

    "S3EventQueuePolicy" a: {

        "Type" : "AWS::SQS::QueuePolicy",

        "DependsOn" : [ "S3EventQueue" ],

        "Properties" : {

            "PolicyDocument" : {

                "Id": "SQSPolicy",

                "Statement": [

                    {

                        "Sid": "SQSEventPolicy",

                        "Effect": "Allow",

                        "Principal": "*",

                        "Action": "SQS:*",

                        "Resource": "*",

                        "Condition": {

                            "ArnLike": {

                                "aws:SourceArn": "arn:aws:s3:::*"

                            }

                        }

                    }

                ]

            },

            "Queues" : [ { "Ref" : "S3EventQueue"} ]

        }            

    },

Related questions

Want to get 50% Hike on your Salary?

Learn how we helped 50,000+ professionals like you !

0 votes
1 answer
0 votes
1 answer
0 votes
1 answer

31k questions

32.8k answers

501 comments

693 users

Browse Categories

...