1. Answers
  2. Configuring AWS SQS Queue Policy

How do I configure an AWS SQS queue policy?

To configure an AWS SQS queue policy, you need to define an SQS queue and attach a policy to it that specifies permissions for various actions. This example demonstrates how to create an AWS SQS queue and attach a policy to it by defining the necessary resources and configurations.

Before diving into the code, let’s break down the essential components:

  • aws_sqs_queue: This resource creates the SQS queue.
  • aws_sqs_queue_policy: This resource attaches a policy to the created SQS queue to manage permissions.

In the example below, we’ll create a simple SQS queue and add a policy that grants permissions to another AWS account to send messages to the queue.

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Create an SQS queue
const myQueue = new aws.sqs.Queue("my_queue", {name: "my-queue"});
// Attach a policy to the queue
const myQueuePolicy = new aws.sqs.QueuePolicy("my_queue_policy", {
    queueUrl: myQueue.id,
    policy: pulumi.jsonStringify({
        Version: "2012-10-17",
        Statement: [{
            Effect: "Allow",
            Principal: "*",
            Action: "sqs:SendMessage",
            Resource: myQueue.arn,
            Condition: {
                ArnEquals: {
                    "aws:SourceArn": "arn:aws:iam::123456789012:root",
                },
            },
        }],
    }),
});
export const queueUrl = myQueue.id;
export const queueArn = myQueue.arn;

In summary, we created an SQS queue named “my-queue” and attached a policy that allows an AWS account (with the ARN arn:aws:iam::123456789012:root) to send messages to it. The outputs provide the queue’s URL and ARN for reference.

Deploy this code

Want to deploy this code? Sign up for a free Pulumi account to deploy in a few clicks.

Sign up

New to Pulumi?

Want to deploy this code? Sign up with Pulumi to deploy in a few clicks.

Sign up