
How do I set up an AWS SQS queue policy?

In this guide, we will walk through setting up an AWS Simple Queue Service (SQS) queue with a custom policy. AWS SQS is a fully managed message queuing service that enables decoupling and scaling microservices, distributed systems, and serverless applications. The custom policy added to the queue will allow or restrict permissions based on the specified rules.

Let’s break down what we will do:

  1. Create an AWS SQS Queue: We’ll set up an SQS queue.
  2. Attach a Policy to the Queue: The policy will define permissions, such as which AWS accounts can send messages to or receive messages from the queue.

Here is the full code implementation:

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

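// Create an SQS Queue
const myQueue = new aws.sqs.Queue("my_queue", {name: "my-queue"});
// Define a Queue Policy JSON. No effect is set, so the statement uses the default, "Allow".
const sqsPolicy = aws.iam.getPolicyDocumentOutput({
    statements: [{
        actions: [
            "sqs:SendMessage",
            "sqs:ReceiveMessage",
        ],
        // Scope the grant to this queue only
        resources: [myQueue.arn],
        principals: [{
            type: "AWS",
            // The ":root" principal stands for the whole account 123456789012,
            // not a single user or role; replace it with the account you intend to trust.
            identifiers: ["arn:aws:iam::123456789012:root"],
        }],
    }],
});
// Attach the Policy to the SQS Queue
const myQueuePolicy = new aws.sqs.QueuePolicy("my_queue_policy", {
    queueUrl: myQueue.id,
    // Pass the rendered JSON policy document
    policy: sqsPolicy.apply(doc => doc.json),
});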
export const queueName = myQueue.name;
export const queueArn = myQueue.arn;
export const queueUrl = myQueue.id;

Summary

In this example, we configured an AWS SQS queue with a policy that allows the sqs:SendMessage and sqs:ReceiveMessage actions and limits them to the AWS account identifier named as the principal (arn:aws:iam::123456789012:root). This setup ensures controlled access to your SQS queue as per the defined IAM policy.
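Before attaching a queue policy, it helps to check how broad its grants are. The following is an added example, not part of the original answer or of Pulumi's own code: a plain TypeScript check over the rendered policy JSON. The function name auditQueuePolicy, the three rules it applies, and the region in the sample queue ARN are assumptions made for illustration.

```typescript
// Added example: audit a rendered SQS queue policy for over-broad Allow statements.
type Principal = "*" | { AWS?: string | string[]; Service?: string | string[] };
interface Statement {
  Effect: "Allow" | "Deny";
  Principal?: Principal;
  Action: string | string[];
  Condition?: Record<string, unknown>;
}
interface PolicyDocument { Version?: string; Statement: Statement | Statement[] }

// IAM JSON allows a single value or an array in most fields; normalise to an array.
const toArray = <T>(v: T | T[] | undefined): T[] =>
  v === undefined ? [] : Array.isArray(v) ? v : [v];

function auditQueuePolicy(policyJson: string): string[] {
  const doc = JSON.parse(policyJson) as PolicyDocument;
  const findings: string[] = [];
  toArray(doc.Statement).forEach((s, i) => {
    if (s.Effect !== "Allow") return; // only grants can over-expose the queue
    const aws = s.Principal === "*" ? ["*"] : toArray(s.Principal?.AWS);
    const conditioned = !!s.Condition && Object.keys(s.Condition).length > 0;
    for (const p of aws) {
      if (p === "*" && !conditioned)
        findings.push(`statement ${i}: any AWS principal allowed with no Condition`);
      else if (/^(\d{12}|arn:aws:iam::\d{12}:root)$/.test(p))
        findings.push(`statement ${i}: whole account ${p.match(/\d{12}/)![0]} trusted; prefer a role ARN`);
    }
    for (const a of toArray(s.Action))
      if (a === "*" || a === "sqs:*")
        findings.push(`statement ${i}: wildcard action ${a}`);
  });
  return findings;
}

// Constructed sample: the policy the program above renders (region in the ARN is a placeholder).
const pagePolicy = JSON.stringify({
  Version: "2012-10-17",
  Statement: [{
    Effect: "Allow",
    Principal: { AWS: "arn:aws:iam::123456789012:root" },
    Action: ["sqs:SendMessage", "sqs:ReceiveMessage"],
    Resource: "arn:aws:sqs:us-east-1:123456789012:my-queue",
  }],
});
// Constructed sample: a public grant with no Condition.
const openPolicy = JSON.stringify({
  Statement: { Effect: "Allow", Principal: "*", Action: "sqs:*", Resource: "*" },
});
console.log(auditQueuePolicy(pagePolicy), auditQueuePolicy(openPolicy));
```

The policy from this guide produces one finding, because the ":root" principal covers every identity in account 123456789012 that its own IAM policies permit; naming a specific role ARN narrows the grant.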
