1 Answer
Hello.
Have you set the SQS access policy to allow access from SNS?
You must have a policy in place as described in the document below.
https://docs.aws.amazon.com/sns/latest/dg/subscribe-sqs-queue-to-sns-topic.html#SendMessageToSQS.sqs.permissions
{
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "sns.amazonaws.com"
      },
      "Action": "sqs:SendMessage",
      "Resource": "arn:aws:sqs:us-east-2:123456789012:MyQueue",
      "Condition": {
        "ArnEquals": {
          "aws:SourceArn": "arn:aws:sns:us-east-2:123456789012:MyTopic"
        }
      }
    }
  ]
}
How to achieve the access policy through coding? I can't go apply it manually every time, it should be automatic.
If you are building AWS resources using CDK, you can add it using "QueuePolicy". https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_sqs.QueuePolicy.html
If you are using the SDK, I think you can use something like "add_permission". https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/sqs/client/add_permission.html
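One way to apply the policy above from code with the SDK, as an added example that is not part of the original thread. It uses boto3's `set_queue_attributes` to write the whole policy document, so the `sns.amazonaws.com` service principal and the `aws:SourceArn` condition are kept; the function names, the Sid naming scheme and the `Version` element are assumptions of this example.

```python
import json
import re

SNS_PRINCIPAL = {"Service": "sns.amazonaws.com"}


def sns_statement(queue_arn, topic_arn):
    """Statement from the answer above, scoped to one queue and one topic."""
    topic_name = topic_arn.split(":")[-1]
    return {
        # Sid naming scheme is an assumption of this example.
        "Sid": "AllowSns" + re.sub(r"[^A-Za-z0-9]", "", topic_name),
        "Effect": "Allow",
        "Principal": SNS_PRINCIPAL,
        "Action": "sqs:SendMessage",
        "Resource": queue_arn,
        # Without this condition any SNS topic could send to the queue.
        "Condition": {"ArnEquals": {"aws:SourceArn": topic_arn}},
    }


def merge_policy(existing_json, queue_arn, topic_arn):
    """Add or replace the SNS statement, keeping every other statement."""
    policy = json.loads(existing_json) if existing_json else {
        "Version": "2012-10-17", "Statement": []}
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    new = sns_statement(queue_arn, topic_arn)
    statements = [s for s in statements if s.get("Sid") != new["Sid"]]
    policy["Statement"] = statements + [new]
    return policy


def allow_topic_on_queue(queue_url, topic_arn, sqs=None):
    """Read the queue's current policy, merge, and write it back."""
    if sqs is None:
        import boto3  # only needed when talking to AWS
        sqs = boto3.client("sqs")
    attrs = sqs.get_queue_attributes(
        QueueUrl=queue_url, AttributeNames=["QueueArn", "Policy"]
    )["Attributes"]
    policy = merge_policy(attrs.get("Policy"), attrs["QueueArn"], topic_arn)
    sqs.set_queue_attributes(
        QueueUrl=queue_url, Attributes={"Policy": json.dumps(policy)}
    )
    return policy
```

Calling `allow_topic_on_queue` again for the same topic replaces its statement instead of appending a duplicate, so it can run on every deployment.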