Cannot post to SQS queue that is not owned by Caesar #1238
Comments
|
@zwolf -- Do you have an ideas why POSTs to external SQS queues would not be successful? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Caesar seems unable to send messages to SQS queues created using another AWS count, even if access to that queue by Caesar is granted using an access policy modelled on the one used for queues that are owned by Caesar. e.g. (with potentially sensitive strings redacted)
{ "Version": "2012-10-17", "Id": "arn:aws:sqs:us-east-1:<non_caesar_owner_arn>:<queue_name>/SQSDefaultPolicy", "Statement": [ { "Sid": "33B59DA5-0F94-443B-8904-E652B8FFEA73", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::<non_caesar_owner_arn>:root" }, "Action": "SQS:*", "Resource": "arn:aws:sqs:us-east-1:<non_caesar_owner_arn>:<queue_name>" }, { "Sid": "8C9F2711-6FA7-4C7B-98B2-A86395C80417", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::<caesar_arn>:user/caesar" }, "Action": "SQS:*", "Resource": "arn:aws:sqs:us-east-1:<non_caesar_owner_arn>:<queue_name>" } ] }Note that the
Sids are auto-generated UUIDs and theIdformat is modelled on the policy used for queues that are owned by Caesar. In fact it can be any string and is only used for naming purposes.The text was updated successfully, but these errors were encountered: