AWS re:Post을(를) 사용하면 다음에 동의하게 됩니다. AWS re:Post 이용 약관
AWS re:Postre:Post

How to allow anonymous access for SendMessage to Amazon SQS?

0

The AWS SQS docs states that anonymous access is supported: https://aws.amazon.com/sqs/faqs/#:~:text=Q%3A%20Does%20Amazon%20SQS%20support%20anonymous%20access%3F

It also provides an example policy that grants a permission to all users: https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-basic-examples-of-sqs-policies.html#:~:text=Example%205%3A%20Grant%20a%20permission%20to%20all%20users

I've tried to create an SQS queue with the following access policy:

{
  "Version": "2012-10-17",
  "Id": "__default_policy_ID",
  "Statement": [
    {
      "Sid": "__owner_statement",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "SQS:*",
      "Resource": "*"
    }
  ]
}

However, an anonymous client (using a cURL request) gets the following error when trying to execute SendMessage: Access to the resource The specified queue does not exist or you do not have access to it. is denied.

A previous solution (https://stackoverflow.com/questions/32632850/how-do-you-enable-anonymous-write-access-to-sqs-queue) doesn't seem to work anymore.

Is anonymous access to SQS no longer supported by AWS?

주제
보안, 신원 및 규정 준수서버리스애플리케이션 통합
태그
AWS 자격 증명 및 액세스 관리아마존 심플 큐 서비스IAM 정책
언어
English
Michael
질문됨 6달 전310회 조회
1개 답변
0

Hi,

The page https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-basic-examples-of-sqs-policies.html will give you details of the exact IAM policies to use to allow anonymous posting to SQS queues (on a tume-limited basis if needed).

See in particular examples 5 & 6.

Example 6 with time-limited allowance:

{
   "Version": "2012-10-17",
   "Id": "Queue1_Policy_UUID",
   "Statement": [{
      "Sid":"Queue1_AnonymousAccess_ReceiveMessage_TimeLimit",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "sqs:ReceiveMessage",
      "Resource": "arn:aws:sqs:*:111122223333:queue1",
      "Condition" : {
         "DateGreaterThan" : {
            "aws:CurrentTime":"2009-01-31T12:00Z"
         },
         "DateLessThan" : {
            "aws:CurrentTime":"2009-01-31T15:00Z"
         }
      }
   }]
}

Best

Didier

profile pictureAWS
전문가
Didier_Durand
답변함 6달 전
  • Michael
    6달 전

    The examples above doesn't seem to work. After creating an SQS queue with that policy, trying to read messages from the queue as an anonymous user does not work.

    Running aws sqs receive-message --queue-url https://sqs.us-east-1.amazonaws.com/xxx/queue1 --no-sign-request returns:

    An error occurred (AccessDenied) when calling the ReceiveMessage operation: Access to the resource The specified queue does not exist or you do not have access to it. is denied.
  • Michael
    6달 전

    Interestingly, the command above (aws sqs receive-message --queue-url https://sqs.us-east-1.amazonaws.com/xxx/queue1 --no-sign-request) works if the queue is empty and returns an empty array of messages.

    However, if there is a message in the queue, then an access denied error is returned.

    An error occurred (AccessDenied) when calling the ReceiveMessage operation: Access to the resource The specified queue does not exist or you do not have access to it. is denied.

로그인하지 않았습니다. 로그인해야 답변을 게시할 수 있습니다.

좋은 답변은 질문에 명확하게 답하고 건설적인 피드백을 제공하며 질문자의 전문적인 성장을 장려합니다.

질문 답변하기에 대한 가이드라인

관련 콘텐츠