CODEWITHSUNDEEP
amazon-web-servicesamazon-iamamazon-sqsaws-cli
Punter Vicky
Punter Vicky

Reputation: 17032

Adding SQS Permissions with conditions using AWS CLI Command

How can I add the below listed SQS permission using AWS CLI command?

    "Statement": [
    {
      "Sid": "Sid8390000202",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "SQS:*",
      "Resource": "arn:aws:sqs:us-east-1:12345678:example-queue",
      "Condition": {
        "ArnEquals": {
          "aws:SourceArn": "arn:aws:sns:us-east-1:73628827939:MySNS"
        }
      }
    }
  ]

Upvotes: 2

Views: 3477

Answers (3)

Stalin Rijal
Stalin Rijal

Reputation: 41

This worked for me. Yo need to format json properly , it should work silently.

REGION="us-east-1"
VERSION="1420"
QUEUE_URL="https://sqs.us-east-1.amazonaws.com/<account-id>/<queue-name>-$VERSION"
cat >sqs.json <<-EOT
{
   "Policy" : "{ \"Statement\" : [ { \"Action\" : \"SQS:*\", \"Effect\" : \"Allow\", \"Sid\": \"AllowPESends\", \"Principal\" : { \"AWS\" : [\"arn:aws:iam::<account-id>:root\",\"arn:aws:iam::<account-id>:root\"] }, \"Resource\" : \"${QUEUE_URL}\" } ], \"Id\" : \"SQSPESendPolicy\", \"Version\" : \"2012-10-17\" }"
 }
EOT
  
aws sqs set-queue-attributes --region ${REGION} --queue-url ${QUEUE_URL} --attributes file://sqs.json

Upvotes: 1

Punter Vicky
Punter Vicky

Reputation: 17032

I had to make a slight addition to the json that @Michael Quale posted to get it working.

{"Policy" : "{\"Id\": \"Policy1564523767951\",\"Version\": \"2012-10-17\",\"Statement\": [{\"Sid\": \"Stmt1564523766749\",\"Action\": \"sqs:*\",\"Effect\": \"Allow\",\"Resource\": \"arn:aws:sqs:us-east-1:12345678:example-queue\",\"Condition\": {\"ArnEquals\": {\"aws:SourceArn\": \"arn:aws:sns:us-east-1:73628827939:MySNS\"}},\"Principal\": \"*\"}]}"}

Upvotes: 4

Michael Quale
Michael Quale

Reputation: 607

You can save the file locally as set-queue-attributes.json with the following policy.

{
  "Id": "Policy1564523767951",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1564523766749",
      "Action": "sqs:*",
      "Effect": "Allow",
      "Resource": "arn:aws:sqs:us-east-1:12345678:example-queue",
      "Condition": {
        "ArnEquals": {
          "aws:SourceArn": "arn:aws:sns:us-east-1:73628827939:MySNS"
        }
      },
      "Principal": "*"
    }
  ]
}

Then execute the following CLI command.

aws sqs set-queue-attributes --queue-url https://sqs.us-east-1.amazonaws.com/12345678/example-queue --attributes file://set-queue-attributes.json

Upvotes: 5

Related Questions