Adding SQS Permissions with conditions using AWS CLI Command

问题

How can I add the below listed SQS permission using AWS CLI command?

    "Statement": [
    {
      "Sid": "Sid8390000202",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "SQS:*",
      "Resource": "arn:aws:sqs:us-east-1:12345678:example-queue",
      "Condition": {
        "ArnEquals": {
          "aws:SourceArn": "arn:aws:sns:us-east-1:73628827939:MySNS"
        }
      }
    }
  ]

回答1:

You can save the file locally as set-queue-attributes.json with the following policy.

{
  "Id": "Policy1564523767951",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1564523766749",
      "Action": "sqs:*",
      "Effect": "Allow",
      "Resource": "arn:aws:sqs:us-east-1:12345678:example-queue",
      "Condition": {
        "ArnEquals": {
          "aws:SourceArn": "arn:aws:sns:us-east-1:73628827939:MySNS"
        }
      },
      "Principal": "*"
    }
  ]
}

Then execute the following CLI command.

aws sqs set-queue-attributes --queue-url https://sqs.us-east-1.amazonaws.com/12345678/example-queue --attributes file://set-queue-attributes.json

回答2:

I had to make a slight addition to the json that @Michael Quale posted to get it working.

{"Policy" : "{\"Id\": \"Policy1564523767951\",\"Version\": \"2012-10-17\",\"Statement\": [{\"Sid\": \"Stmt1564523766749\",\"Action\": \"sqs:*\",\"Effect\": \"Allow\",\"Resource\": \"arn:aws:sqs:us-east-1:12345678:example-queue\",\"Condition\": {\"ArnEquals\": {\"aws:SourceArn\": \"arn:aws:sns:us-east-1:73628827939:MySNS\"}},\"Principal\": \"*\"}]}"}

来源：https://stackoverflow.com/questions/57279182/adding-sqs-permissions-with-conditions-using-aws-cli-command

标签

amazon-web-services

amazon-iam

amazon-sqs

aws-cli

易学教程内所有资源均来自网络或用户发布的内容，如有违反法律规定的内容欢迎反馈！
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!