How do I configure AWS IAM and SQS interaction?
In this guide, we will demonstrate how to configure AWS IAM roles and policies to interact with an SQS queue using Pulumi. We will create an SQS queue and an IAM role with a policy that grants the necessary permissions to interact with the queue.
Key Points:
- Create an SQS queue.
- Create an IAM role.
- Attach a policy to the IAM role that allows it to interact with the SQS queue.
```typescript
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Create an SQS queue
const queue = new aws.sqs.Queue("myQueue", {
    visibilityTimeoutSeconds: 30,
});

// Create an IAM role.
// The trust policy controls which principal may assume the role. The service
// principal here is sqs.amazonaws.com; the permissions below only take effect
// for a principal that actually assumes this role, so set this to the workload
// that will use the queue.
const role = new aws.iam.Role("myRole", {
    assumeRolePolicy: aws.iam.assumeRolePolicyForPrincipal({ Service: "sqs.amazonaws.com" }),
});

// Attach an inline policy to the IAM role that allows it to interact with the SQS queue.
// Resource is the ARN of this one queue, so the role gets no access to other queues.
const policy = new aws.iam.RolePolicy("myRolePolicy", {
    role: role.id,
    policy: pulumi.output(queue.arn).apply(arn => JSON.stringify({
        Version: "2012-10-17",
        Statement: [
            {
                Action: [
                    "sqs:SendMessage",
                    "sqs:ReceiveMessage",
                    "sqs:DeleteMessage",
                    "sqs:GetQueueAttributes",
                    "sqs:GetQueueUrl",
                ],
                Effect: "Allow",
                Resource: arn,
            },
        ],
    })),
});

// Export the queue URL and role ARN
export const queueUrl = queue.url;
export const roleArn = role.arn;
```
Summary:
In this guide, we created an SQS queue and an IAM role using Pulumi. We then attached a policy to the IAM role that grants it permissions to interact with the SQS queue. This setup ensures that the IAM role can send, receive, and delete messages in the SQS queue, as well as get queue attributes and URL.
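The policy above gives one role both send and receive/delete rights. The following added example (not part of the original guide or of Pulumi's code) builds a narrower policy per workload type and checks a policy document for grants broader than the single queue. The producer/consumer split, the function names and the sample ARN are assumptions made for illustration.

```typescript
// Added example: pure TypeScript, no Pulumi or AWS calls. All names are hypothetical.
type Statement = { Effect: "Allow" | "Deny"; Action: string[]; Resource: string | string[] };
type PolicyDocument = { Version: "2012-10-17"; Statement: Statement[] };
type QueueAccess = "producer" | "consumer";

// Assumed split of the guide's five actions: a producer never needs Receive/Delete.
const ACTIONS: Record<QueueAccess, string[]> = {
    producer: ["sqs:SendMessage", "sqs:GetQueueUrl"],
    consumer: ["sqs:ReceiveMessage", "sqs:DeleteMessage", "sqs:GetQueueAttributes", "sqs:GetQueueUrl"],
};

// Build a policy scoped to one queue ARN and one access pattern.
function buildQueuePolicy(queueArn: string, access: QueueAccess): PolicyDocument {
    return {
        Version: "2012-10-17",
        Statement: [{ Effect: "Allow", Action: ACTIONS[access].slice(), Resource: queueArn }],
    };
}

// Return one finding per Allow grant that is broader than the single queue.
function findPolicyIssues(doc: PolicyDocument, queueArn: string): string[] {
    const issues: string[] = [];
    doc.Statement.forEach((stmt, i) => {
        if (stmt.Effect !== "Allow") return;
        for (const action of stmt.Action) {
            if (action.indexOf("*") !== -1) {
                issues.push(`Statement ${i}: wildcard action ${action}`);
            } else if (action.toLowerCase().indexOf("sqs:") !== 0) {
                issues.push(`Statement ${i}: non-SQS action ${action}`);
            }
        }
        const resources = Array.isArray(stmt.Resource) ? stmt.Resource : [stmt.Resource];
        for (const resource of resources) {
            if (resource !== queueArn) {
                issues.push(`Statement ${i}: resource ${resource} is not the queue ARN`);
            }
        }
    });
    return issues;
}

// Constructed sample ARN (placeholder account id and queue name).
const SAMPLE_QUEUE_ARN = "arn:aws:sqs:us-east-1:123456789012:myQueue-example";

// Constructed over-broad policy, for comparison with the scoped ones.
const BROAD_POLICY: PolicyDocument = {
    Version: "2012-10-17",
    Statement: [{ Effect: "Allow", Action: ["sqs:*"], Resource: "*" }],
};
```

In a Pulumi program, the document returned by buildQueuePolicy can be passed through JSON.stringify inside the same apply callback that the guide uses for the queue ARN.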