How to add more than one S3 Bucket ARN to an SQS Queue Access Policy

0

Hello: I'm trying to add another S3 bucket to an existing SQS Queue. Try as I might, I can't find a way to add it to the existing policy. Example:

{
  "Sid": "example-statement-ID",
  "Effect": "Allow",
  "Principal": {
    "Service": "s3.amazonaws.com"
  },
  "Action": "SQS:SendMessage",
  "Resource": "arn:aws:sqs:us-east-1:0645xxxxxxxx:HammerSQS1",
  "Condition": {
    "StringEquals": {
      "aws:SourceAccount": "064xxxxxxxx"
    },
    "ArnLike": ": {[
      "aws:SourceArn": "arn:aws:s3:*:*:contentdisarming-bucket-one"

** "aws:SourceArn": "arn:aws:s3:::contentdisarming-bucket-two"] ** { } } } ] }

When I try to add the 2nd bucket (contentdisarming-bucket-two) I get an error: "Invalid JSON". What am I doing wrong here? It's possible to add more than one S3 SourceArn to an SQS queue, correct?

Thanks in advance..

2 Answers
1

It seems some of the policy you posted is formatted outside of the code block so it looks like there's a lot wrong with it (e.g. "**", "{ }", lack of comma between the bucket ARNs). Can you try re-posting your complete policy with the 2nd bucket included, and no special formatting etc?

EXPERT
answered 2 years ago
  • Ok, here goes:

    { "Version": "2012-10-17", "Id": "example-ID", "Statement": [ { "Sid": "example-statement-ID", "Effect": "Allow", "Principal": { "Service": "s3.amazonaws.com" }, "Action": "SQS:SendMessage", "Resource": "arn:aws:sqs:us-east-1:0645********:HammerSQS1", "Condition": { "StringEquals": { "aws:SourceAccount": "0645********" }, "ArnLike": {[ "aws:SourceArn": "arn:aws:s3:::contentdisarming-bucket-one" "aws:SourceArn": "arn:aws:s3:::contentdisarming-bucket-two"] } } } ] }

    Thanks

0

Hi Folks: Figured it out. The brackets were in the wrong places, here is the JSON for the SQS Access Policy that works. What I wanted to achieve was to get two S3 buckets connected to the same SQS Queue:

{
	"Version": "2012-10-17",
	"Id": "example-ID",
	"Statement": [{
		"Sid": "example-statement-ID",
		"Effect": "Allow",
		"Principal": {
			"Service": "s3.amazonaws.com"
		},
		"Action": "SQS:SendMessage",
		"Resource": "arn:aws:sqs:us-east-1:0645********:HammerSQS1",
		"Condition": {
			"StringEquals": {
				"aws:SourceAccount": "0645********"
			},
			"ArnLike": {
				"aws:SourceArn": [
					"arn:aws:s3:*:*:contentdisarming-bucket-one",
					"arn:aws:s3:*:*:contentdisarming-bucket-two"
				]
			}
		}
	}]
}

Hope this saves someone else some time & frustration :)

answered 2 years ago
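A way to add a bucket to an existing queue policy without hand-editing brackets, as an added example (not code from the original posts): it parses the policy, turns a single `aws:SourceArn` string into a list, appends the new ARN, and rejects repeated keys, which Python's `json` would otherwise collapse to the last value. The function names, account ID and queue name are assumptions for illustration.

```python
import json

def _no_duplicate_keys(pairs):
    """object_pairs_hook: reject repeated keys instead of silently keeping the last."""
    seen = {}
    for key, value in pairs:
        if key in seen:
            raise ValueError(f"duplicate key in policy: {key!r}")
        seen[key] = value
    return seen

def add_source_arn(policy_text, sid, bucket_arn):
    """Return the policy with bucket_arn added to ArnLike aws:SourceArn of statement `sid`."""
    policy = json.loads(policy_text, object_pairs_hook=_no_duplicate_keys)
    statements = policy["Statement"]
    if isinstance(statements, dict):      # a single statement may be a bare object
        statements = policy["Statement"] = [statements]
    for stmt in statements:
        if stmt.get("Sid") != sid:
            continue
        arn_like = stmt.setdefault("Condition", {}).setdefault("ArnLike", {})
        current = arn_like.get("aws:SourceArn", [])
        if isinstance(current, str):      # one value is usually written as a plain string
            current = [current]
        if bucket_arn not in current:     # keep the edit idempotent
            current.append(bucket_arn)
        arn_like["aws:SourceArn"] = current
        return json.dumps(policy, indent=2)
    raise KeyError(f"no statement with Sid {sid!r}")

# Constructed sample: first bucket only; account ID and queue name are placeholders.
SAMPLE = """{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "example-statement-ID",
    "Effect": "Allow",
    "Principal": {"Service": "s3.amazonaws.com"},
    "Action": "SQS:SendMessage",
    "Resource": "arn:aws:sqs:us-east-1:111122223333:ExampleQueue",
    "Condition": {
      "StringEquals": {"aws:SourceAccount": "111122223333"},
      "ArnLike": {"aws:SourceArn": "arn:aws:s3:*:*:contentdisarming-bucket-one"}
    }
  }]
}"""

if __name__ == "__main__":
    new_arn = "arn:aws:s3:*:*:contentdisarming-bucket-two"
    print(add_source_arn(SAMPLE, "example-statement-ID", new_arn))
```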
