我创建了具有SQS策略的SQS,该策略授予对iam_user_1的访问权限
Resources:
MyQueue:
Type: 'AWS::SQS::Queue'
Properties:
QueueName:
'Fn::Join': ['-', ["my-queue-prefix", {Ref: Stage}]]
MessageRetentionPeriod: 60
ReceiveMessageWaitTimeSeconds: 20
QueuePolicy:
Type: 'AWS::SQS::QueuePolicy'
Properties:
Queues:
- {Ref: MyQueue}
PolicyDocument:
Version: '2012-10-17'
Statement:
- Effect: Allow
Action:
- sqs:ReceiveMessage
Principal:
AWS:
- '<account_1>'
Resource: {Ref: MyQueue}
Condition:
ArnEquals:
aws:SourceArn: 'arn:aws:iam::<account_1>:user/iam_user_1'
使用此队列策略,我的用户仍然无法访问该队列-拒绝403访问。我还尝试将principal更改为
Principal:
AWS:
- 'arn:aws:iam::<account_1>:user/iam_user_1'
是否可以仅使用sqs策略允许iam用户访问权限以读取SQS。我是否需要修改iam用户策略以授予对sqs的访问权限?