AWS SQS permissions for AWS Lambda

amazon-web-services amazon-s3 amazon-sqs aws-lambda

19,079

I don't think the SourceArn field gets populated by Lambda. I know SourceArn works for SNS, but Lambda is really running arbitrary code, not an AWS feature like SNS.

As an alternative, you can attach a policy to the IAM Role your Lambda function runs as.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1440529349000",
            "Effect": "Allow",
            "Action": [
                "sqs:SendMessage"
            ],
            "Resource": [
                "arn:aws:sqs:us-west-2:123456789012:test-queue"
            ]
        }
    ]
}

This method does not require a policy directly attached to the queue.

19,079

Cédric Verstraeten

Hey, I'm Cédric a M. Sc. Industrial Engineer with a huge interest in math, physics, technique, informatics and my girlfriend Kelly. I've been working as a thesis student for the steel company ArcelorMittal, where I did research about labelrecognition and OCR engines. I'm currently working as a R&D Software Engineer at NV Michel Van de Wiele.

Updated on July 13, 2022

Comments

Cédric Verstraeten almost 2 years
I'm using the AWS SQS service, and I'm having a hard time defining permissions on my SQS queue. In my setup I'm using the AWS Lambda service, which is triggered when an object is pushed onto an S3 bucket.

However to keep my question briefly, this is what I want to achieve:
1. Object is pushed to a S3 bucket
2. S3 bucket triggers AWS Lambda
3. Lambda does some calculations, and push an event to my SQS queue (Permission needs to be defined)
4. Application reads from SQS
As you can read from previous use-case, I want my AWS Lambda method to be the only application, which can send a message to the SQS queue. I've tried to set a principal and a condition "sourceArn". But none of them work..

Can anyone help?