SQS Usage Policy
This SQS Usage Policy defines the permissions required to interact with Amazon Simple Queue Service (SQS). It allows for sending, receiving, and managing messages within specified SQS queues. Use this policy to grant necessary access to applications and users while adhering to the principle of least privilege.
Required SQS Permissions
This section outlines the essential permissions for basic SQS operations. These permissions enable sending, receiving, and managing messages within designated queues.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "RequiredSQS",
      "Effect": "Allow",
      "Action": [
        "sqs:GetQueueUrl",
        "sqs:ChangeMessageVisibility",
        "sqs:ReceiveMessage",
        "sqs:SendMessage",
        "sqs:GetQueueAttributes"
      ],
      "Resource": [
        "arn:aws:sqs:eu-west-1:xxxxxxxxxxxx:dev-request-queue",
        "arn:aws:sqs:eu-west-1:xxxxxxxxxxxx:dev-response-queue"
      ]
    },
    {
      "Sid": "ListQueues",
      "Effect": "Allow",
      "Action": [
        "sqs:ListQueues"
      ],
      "Resource": "*"
    }
  ]
}
Understanding the Policy
The policy is structured with two main statements. The first statement, "RequiredSQS", grants permissions for common SQS actions on specific queues. The second statement, "ListQueues", allows listing all SQS queues.
Actions Explained
Here's a breakdown of the actions included in the "RequiredSQS" statement:
sqs:GetQueueUrl
: Retrieves the URL of an SQS queue.
sqs:ChangeMessageVisibility
: Modifies the visibility timeout of a message in a queue.
sqs:ReceiveMessage
: Receives one or more messages from a queue.
sqs:SendMessage
: Sends a message to a queue.
sqs:GetQueueAttributes
: Retrieves attributes of a queue.
Resource ARNs
The Resource element specifies the Amazon Resource Names (ARNs) of the SQS queues to which the permissions apply. Ensure these ARNs match your specific queue configurations.
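One way to check that a deployed copy of this policy still matches the intended queues, as an added example that is not part of the original page. The function names (audit, as_list, statement) are hypothetical and the "drifted" policy is constructed for illustration; the account id is the page's xxxxxxxxxxxx placeholder.

```python
# sqs:ListQueues has no resource-level permissions, so it must be granted on "*".
ACCOUNT_WIDE = {"sqs:listqueues"}
PREFIX = "arn:aws:sqs:eu-west-1:xxxxxxxxxxxx:"  # placeholder account id, as on the page
EXPECTED = {PREFIX + "dev-request-queue", PREFIX + "dev-response-queue"}

def as_list(value):
    """IAM accepts either a single string/object or a list."""
    return list(value) if isinstance(value, list) else [value]

def audit(policy, expected_arns):
    """Return findings for Allow statements broader than the expected queues."""
    findings = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"{sid}: NotAction/NotResource allows everything not listed")
            continue
        actions = [a.lower() for a in as_list(stmt["Action"])]  # action names are case-insensitive
        for action in actions:
            if "*" in action or "?" in action:
                findings.append(f"{sid}: wildcard action {action}")
        scoped = [a for a in actions if a not in ACCOUNT_WIDE]
        for arn in as_list(stmt["Resource"]):
            if not scoped:
                continue  # only account-wide actions: "*" is expected here
            if "*" in arn or "?" in arn:
                findings.append(f"{sid}: wildcard resource {arn} for {', '.join(scoped)}")
            elif arn not in expected_arns:
                findings.append(f"{sid}: unexpected queue {arn}")
    return findings

def statement(sid, actions, resources):
    return {"Sid": sid, "Effect": "Allow", "Action": actions, "Resource": resources}

QUEUE_ACTIONS = ["sqs:GetQueueUrl", "sqs:ChangeMessageVisibility", "sqs:ReceiveMessage",
                 "sqs:SendMessage", "sqs:GetQueueAttributes"]
# The policy from this page, rebuilt as a dict.
PAGE_POLICY = {"Version": "2012-10-17", "Statement": [
    statement("RequiredSQS", QUEUE_ACTIONS, sorted(EXPECTED)),
    statement("ListQueues", ["sqs:ListQueues"], "*")]}
# Constructed drift: queue actions widened to every queue, with ListQueues merged in.
DRIFTED = {"Version": "2012-10-17", "Statement": [
    statement("RequiredSQS", QUEUE_ACTIONS + ["sqs:ListQueues"], PREFIX + "*")]}

if __name__ == "__main__":
    for name, doc in (("page policy", PAGE_POLICY), ("drifted", DRIFTED)):
        print(name, audit(doc, EXPECTED) or "OK")
```

The page's policy passes with no findings because the only "*" resource is attached to sqs:ListQueues alone; merging that action into the queue-scoped statement is what makes the wildcard apply to send and receive as well.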
Additional Resources
For more information on AWS SQS and IAM policies, refer to the following resources: