Back

Explore Courses Blog Tutorials Interview Questions

Cloudformation SQS Policy for S3 events

0 votes
2 views
in AWS by (19.1k points)

I'm trying to create a policy for an SQS queue which would allow any S3 bucket to send events to the queue. I don't seem to be able to do this for a specific S3 queue because I end up with circular dependencies.

I've created a cloudformation template which will create the queue and policy, but when I try and manually set up the S3 bucket to send the events I get a message saying

Permissions on the destination queue do not allow S3 to publish notifications from this bucket

The template section that I'm using to create the policy is:

    "SQSNotifcationFromS3" : {

        "Type" :        "AWS::SQS::QueuePolicy",

        "DependsOn" : "S3Notifications",

        "Properties" : {

            "PolicyDocument" : {

                "Version": "2012-10-17",

                "Id": "SQSIDsimon",

                "Statement": [

                    {

                        "Sid": "example-statement-ID",

                        "Effect": "Allow",

                        "Principal": {

                            "Service": "s3.amazonaws.com"

                            },

                        "Action": "SQS:*",

                        "Resource": { "Ref" : "S3Notifications"}

                    }

                ]                  

            },

            "Queues" :      [ { "Ref" : "S3Queue" } ]

        }

    }

1 Answer

0 votes
by (44.4k points)

Set this permission on the SQS as such that every bucket could add events to it:

    "S3EventQueuePolicy" a: {

        "Type" : "AWS::SQS::QueuePolicy",

        "DependsOn" : [ "S3EventQueue" ],

        "Properties" : {

            "PolicyDocument" : {

                "Id": "SQSPolicy",

                "Statement": [

                    {

                        "Sid": "SQSEventPolicy",

                        "Effect": "Allow",

                        "Principal": "*",

                        "Action": "SQS:*",

                        "Resource": "*",

                        "Condition": {

                            "ArnLike": {

                                "aws:SourceArn": "arn:aws:s3:::*"

                            }

                        }

                    }

                ]

            },

            "Queues" : [ { "Ref" : "S3EventQueue"} ]

        }            

    },

Related questions

Want to get 50% Hike on your Salary?

Learn how we helped 50,000+ professionals like you !

0 votes
1 answer
AWS SQS permissions for AWS Lambda
asked Jul 25, 2019 in AWS by yuvraj (19.1k points)
0 votes
1 answer
Async consumer for Amazon SQS
asked Feb 13, 2021 in AWS by devin (5.6k points)
0 votes
1 answer
SNS to Lambda vs SNS to SQS to Lambda
asked Jul 22, 2019 in AWS by yuvraj (19.1k points)

Browse Categories

© COPYRIGHT 2011-2023 INTELLIPAAT.COM. ALL RIGHTS RESERVED.

Download Salary Trends Now !

Learn how professionals like you got up to 100% Salary Hike.

...