boot4life

Reputation: 5314

What permissions are needed on an SQS queue in order to be able to receive notifications from SES over SNS?

My scenario: Send mail using SES and receive delivery information over SNS into an SQS queue. What permissions does that queue need to have?

I found that if I don't grant any permissions at all the notifications do not arrive. When I grant Everyone permission the notifications do arrive but that is unsafe.

What permissions should I set?

Upvotes: 2

Views: 758

Answers (1)

Paddez

Reputation: 908

You will need to give the SNS Queue permission to call the sqs:SendMessage API call.

To do this, you add a policy to your SQS Queue, that allows all principals, on the condition that their ARN is your SNS's ARN, effectively locking down that particular call from your SNS topic.

You can find an example below - replace the Resource and SourceArn as required.

{
  "Version":"2012-10-17",
  "Statement":[
    {
      "Sid":"MySQSPolicy001",
      "Effect":"Allow",
      "Principal":"*",
      "Action":"sqs:SendMessage",
      "Resource":"arn:aws:sqs:us-east-1:123456789012:MyQueue",
      "Condition":{
        "ArnEquals":{
          "aws:SourceArn":"arn:aws:sns:us-east-1:123456789012:MyTopic"
        }
      }
    }
  ]
}

Source: http://docs.aws.amazon.com/sns/latest/dg/SendMessageToSQS.html

Upvotes: 3
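Added example, not part of the answer above: a small offline check that reads a queue policy document and reports any statement that lets every principal call sqs:SendMessage without pinning aws:SourceArn to the expected topic, which is the difference between the "Everyone" grant in the question and the scoped policy in the answer. The function names and the `make_policy` helper are hypothetical; the ARNs are the placeholders from the answer.

```python
import json

TOPIC_ARN = "arn:aws:sns:us-east-1:123456789012:MyTopic"  # placeholder from the answer
QUEUE_ARN = "arn:aws:sqs:us-east-1:123456789012:MyQueue"  # placeholder from the answer

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_public(principal):
    # "*" and {"AWS": "*"} both mean "any caller".
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return principal == "*"

def _allows_send(action):
    return any(a.lower() in ("*", "sqs:*", "sqs:sendmessage") for a in _as_list(action))

def _source_arns(condition):
    # Values of aws:SourceArn under ArnEquals / ArnLike (key names are case-insensitive).
    arns = []
    for op in ("ArnEquals", "ArnLike"):
        for key, val in (condition or {}).get(op, {}).items():
            if key.lower() == "aws:sourcearn":
                arns.extend(_as_list(val))
    return arns

def open_send_statements(policy_json, topic_arn):
    """Sids of Allow statements that let any principal call sqs:SendMessage without
    aws:SourceArn set to exactly topic_arn (conservative: any other value is flagged)."""
    findings = []
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow" or not _is_public(stmt.get("Principal")):
            continue
        if not _allows_send(stmt.get("Action", [])):
            continue
        arns = _source_arns(stmt.get("Condition"))
        if not arns or any(a != topic_arn for a in arns):
            findings.append(stmt.get("Sid", f"statement[{i}]"))
    return findings

def make_policy(sid, condition=None):
    # Builds a constructed sample policy; not output captured from AWS.
    stmt = {"Sid": sid, "Effect": "Allow", "Principal": "*",
            "Action": "sqs:SendMessage", "Resource": QUEUE_ARN}
    if condition:
        stmt["Condition"] = condition
    return json.dumps({"Version": "2012-10-17", "Statement": [stmt]})

SCOPED = make_policy("MySQSPolicy001", {"ArnEquals": {"aws:SourceArn": TOPIC_ARN}})
EVERYONE = make_policy("EveryoneCanSend")  # the "grant Everyone" case from the question
```

To check a live queue, pass the JSON string stored in the queue's `Policy` attribute to `open_send_statements` along with the topic ARN.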
