AWS SQS permissions for AWS Lambda Cross Account

Question

I'm using the AWS SQS service, and I'm having a hard time defining permissions on my SQS queue. In my setup I'm using the AWS Lambda service, which is triggered when an object is pushed onto an S3 bucket.

However to keep my question briefly, this is what I want to achieve:

Object is pushed to a S3 bucket, S3 bucket triggers AWS Lambda, Lambda does some calculations and pushes an event to my SQS queue (Permission needs to be defined) Application reads from SQS Lambda and SQS queue are in different AWS account- Steps followed-

1. Added permission for access role assumed by lambda in SQS access policy-

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": [
          "arn:aws:iam::accountid:role/rolename",
        ]
      },
      "Action": "SQS:SendMessage",
      "Resource": "https://sqs.us-east-1.amazonaws.com/accountid/qsqqueuename"
    }
  ]
}

2. SQS queue has KMS key enabled so gave permission in kms access policy to the same role

3. The role assumed by lambda has following access-

{
           "Action": [
               "s3:PutObject",
               "s3:GetObject",
               "kms:Decrypt",
               "kms:Encrypt",
               "sqs:SendMessage",
               "kms:DescribeKey",
               "s3:ListBucket",
               "ssm:GetParameter",
               "kms:ReEncrypt*",
               "kms:GenerateDataKey*"
           ],
           "Resource": [
               "arn:aws:kms:us-east-1:accountid:key/kmskey5809e1338be5",
               "arn:aws:sqs:us-east-1:accountid:sqaqueuename"
           ],
           "Effect": "Allow",
           "Sid": "mailboxaccess"
       },

My lambda is giving the error- An error occurred (AccessDenied) when calling the SendMessage operation: Access to the resource https://queue.amazonaws.com/ is denied. Any suggestions?

Answer 1

The problem was the arn for sqs..I had provided an HTTP address for the queue whereas need to provide an arn.