How do I configure an AWS SQS queue policy?
To configure an AWS SQS queue policy, you need to define an SQS queue and attach a policy to it that specifies permissions for various actions. This example demonstrates how to create an AWS SQS queue and attach a policy to it by defining the necessary resources and configurations.
Before diving into the code, let’s break down the essential components:
- aws_sqs_queue: This resource creates the SQS queue.
- aws_sqs_queue_policy: This resource attaches a policy to the created SQS queue to manage permissions.
In the example below, we’ll create a simple SQS queue and add a policy that grants permissions to another AWS account to send messages to the queue.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
// Create an SQS queue
const myQueue = new aws.sqs.Queue("my_queue", {name: "my-queue"});
// Attach a policy to the queue
const myQueuePolicy = new aws.sqs.QueuePolicy("my_queue_policy", {
queueUrl: myQueue.id,
policy: pulumi.jsonStringify({
Version: "2012-10-17",
Statement: [{
Effect: "Allow",
Principal: "*",
Action: "sqs:SendMessage",
Resource: myQueue.arn,
Condition: {
ArnEquals: {
"aws:SourceArn": "arn:aws:iam::123456789012:root",
},
},
}],
}),
});
export const queueUrl = myQueue.id;
export const queueArn = myQueue.arn;
In summary, we created an SQS queue named “my-queue” and attached a policy that allows an AWS account (with the ARN arn:aws:iam::123456789012:root
) to send messages to it. The outputs provide the queue’s URL and ARN for reference.
Deploy this code
Want to deploy this code? Sign up for a free Pulumi account to deploy in a few clicks.
Sign upNew to Pulumi?
Want to deploy this code? Sign up with Pulumi to deploy in a few clicks.
Sign upThank you for your feedback!
If you have a question about how to use Pulumi, reach out in Community Slack.
Open an issue on GitHub to report a problem or suggest an improvement.