I'm trying to create a policy for an SQS queue which would allow any S3 bucket to send events to the queue. I don't seem to be able to do this for a specific S3 queue because I end up with circular dependencies.
I've created a CloudFormation template which creates the queue and policy, but when I try to manually set up the S3 bucket to send the events I get a message saying:
Permissions on the destination queue do not allow S3 to publish notifications from this bucket
The template section that I'm using to create the policy is:
    "SQSNotifcationFromS3" : {
        "Type" : "AWS::SQS::QueuePolicy",
        "DependsOn" : "S3Notifications",
        "Properties" : {
            "PolicyDocument" : {
                "Version": "2012-10-17",
                "Id": "SQSIDsimon",
                "Statement": [
                    {
                        "Sid": "example-statement-ID",
                        "Effect": "Allow",
                        "Principal": {
                            "Service": "s3.amazonaws.com"
                        },
                        "Action": "SQS:*",
                        "Resource": { "Ref" : "S3Notifications" }
                    }
                ]
            },
            "Queues" : [ { "Ref" : "S3Queue" } ]
        }
    }
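The following is an added worked example, not the asker's template or anything from AWS. It builds a constructed CloudFormation template in which the queue policy takes the queue ARN with `Fn::GetAtt` (a `Ref` to an `AWS::SQS::Queue` yields the queue URL, which is not a valid `Resource`), grants only `sqs:SendMessage`, and limits the `s3.amazonaws.com` service principal to buckets in the template's own account with the `aws:SourceAccount` condition key; because the condition uses `AWS::AccountId` rather than the bucket's name, the policy never has to reference the bucket and the circular dependency between bucket and queue policy disappears. S3 checks the queue policy at the moment the notification configuration is saved, which is what produces the "Permissions on the destination queue do not allow S3 to publish" error, so the bucket carries a `DependsOn` on the policy. A small reviewer function then flags the three things a queue policy for a service principal most often gets wrong. The resource names (`S3Queue`, `S3QueuePolicy`, `NotifyingBucket`) and both templates are assumptions made for the example.

```python
import json

# Constructed "before" template mirroring the shape of the policy in the question
# (assumed resource names): SQS:* on a Ref'd queue, no source condition.
PERMISSIVE_TEMPLATE = {
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
        "S3Queue": {"Type": "AWS::SQS::Queue"},
        "S3QueuePolicy": {
            "Type": "AWS::SQS::QueuePolicy",
            "Properties": {
                "Queues": [{"Ref": "S3Queue"}],
                "PolicyDocument": {
                    "Version": "2012-10-17",
                    "Statement": [{
                        "Sid": "example-statement-ID",
                        "Effect": "Allow",
                        "Principal": {"Service": "s3.amazonaws.com"},
                        "Action": "SQS:*",
                        "Resource": {"Ref": "S3Queue"},
                    }],
                },
            },
        },
    },
}

# Constructed hardened template (assumed resource names): ARN via Fn::GetAtt,
# least-privilege action, and a source-account condition instead of a bucket
# reference, so bucket -> queue policy never forms a dependency cycle.
HARDENED_TEMPLATE = {
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
        "S3Queue": {"Type": "AWS::SQS::Queue"},
        "S3QueuePolicy": {
            "Type": "AWS::SQS::QueuePolicy",
            "Properties": {
                "Queues": [{"Ref": "S3Queue"}],
                "PolicyDocument": {
                    "Version": "2012-10-17",
                    "Statement": [{
                        "Sid": "AllowS3BucketsInThisAccount",
                        "Effect": "Allow",
                        "Principal": {"Service": "s3.amazonaws.com"},
                        "Action": "sqs:SendMessage",
                        "Resource": {"Fn::GetAtt": ["S3Queue", "Arn"]},
                        "Condition": {
                            "StringEquals": {"aws:SourceAccount": {"Ref": "AWS::AccountId"}}
                        },
                    }],
                },
            },
        },
        "NotifyingBucket": {
            "Type": "AWS::S3::Bucket",
            # S3 validates queue permissions when the notification is configured,
            # so the policy must exist before the bucket is created.
            "DependsOn": "S3QueuePolicy",
            "Properties": {
                "NotificationConfiguration": {
                    "QueueConfigurations": [{
                        "Event": "s3:ObjectCreated:*",
                        "Queue": {"Fn::GetAtt": ["S3Queue", "Arn"]},
                    }]
                }
            },
        },
    },
}


def review_queue_policy(template):
    """Return findings for every Allow statement in an AWS::SQS::QueuePolicy
    that a service principal could abuse or that CloudFormation will reject."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::SQS::QueuePolicy":
            continue
        doc = res.get("Properties", {}).get("PolicyDocument", {})
        for stmt in doc.get("Statement", []):
            if stmt.get("Effect") != "Allow":
                continue
            sid = f"{name}/{stmt.get('Sid', '?')}"
            actions = stmt.get("Action", [])
            actions = [actions] if isinstance(actions, str) else actions
            if any(a.lower() in ("sqs:*", "*") for a in actions):
                findings.append(f"{sid}: wildcard action {actions}; S3 only needs sqs:SendMessage")
            resource = stmt.get("Resource")
            if isinstance(resource, dict) and "Ref" in resource:
                findings.append(f"{sid}: Resource is a Ref (queue URL, not ARN); use Fn::GetAtt [queue, Arn]")
            principal = stmt.get("Principal", {})
            if isinstance(principal, dict) and "Service" in principal:
                cond = json.dumps(stmt.get("Condition", {}))
                if "aws:SourceAccount" not in cond and "aws:SourceArn" not in cond:
                    findings.append(f"{sid}: service principal without aws:SourceAccount/aws:SourceArn; "
                                    "any bucket in any account could publish to this queue")
    return findings


if __name__ == "__main__":
    for label, tpl in (("permissive", PERMISSIVE_TEMPLATE), ("hardened", HARDENED_TEMPLATE)):
        print(label, review_queue_policy(tpl) or "no findings")
```

If a specific bucket must be pinned rather than the whole account, swap the condition for `"ArnLike": {"aws:SourceArn": "arn:aws:s3:*:*:<bucket-name>"}` using a fixed bucket name string (not a `Ref` to the bucket resource), which still keeps the policy free of a dependency on the bucket.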