如何允许一个lambda读取AWS SQS?

时间:2019-10-11 19:46:20

标签: amazon-sqs

我尝试应用以下SQS政策,但似乎不起作用:

{
  "Version": "2012-10-17",
  "Id": "SqsEdsPerms",
  "Statement": [
    {
      "Sid": "20180503",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::6000000000:root"
      },
      "Action": [
        "SQS:SendMessage",
        "SQS:ReceiveMessage"
      ],
      "Resource": "arn:aws:sqs:us-east-1:6000000000:scs-dev-use1-myQueue",
      "Condition": {
        "ArnEquals": {
          "aws:SourceArn": [
            "arn:aws:lambda:us-east-1:6000000000:function:scs-dev-use1-myLambda"
          ]
        }
      }
    }
  ]
}

我能够编写另一个lambda(myLambda2),并且仍然可以从SQS(myQueue)读取消息。

1 个答案:

答案 0 :(得分:0)

“主体”是被授予权限的资源,因此lambda的ARN应该放在那里。

{
  "Version": "2012-10-17",
  "Id": "SqsEdsPerms",
  "Statement": [
    {
      "Sid": "20180503",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:lambda:us-east-1:6000000000:function:scs-dev-use1-myLambda"
      },
      "Action": [
        "SQS:SendMessage",
        "SQS:ReceiveMessage"
      ],
      "Resource": "arn:aws:sqs:us-east-1:6000000000:scs-dev-use1-myQueue"
    }
  ]
}
相关问题
最新问题