Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

Access to the resource https://sqs.eu-west-2.amazonaws.com/ is denied.

1

API Gateway -> SQS queue integration

Hi All

Hope you can help.

I am creating REST API in new AWS account with terraform. Using IAM role with AmazonAPIGatewayAdministrator policy to create api gatway method & integration request to SQS queue. Also added permission to role for sending messages to queue aswell.

Once terraform deployed, Getting AccessDenied

{
    "Error": {
        "Code": "AccessDenied",
        "Message": "Access to the resource https://sqs.eu-west-2.amazonaws.com/ is denied.",
        "Type": "Sender"
    },
    "RequestId": "824c8fe5-2da2-58bc-ad89-d4b1a461bf75"
}

Thanks

SG

  • rePost-User-4402012
    vor 2 Jahren

    Using following IAM Role Policy { "Statement": [ { "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:DescribeLogGroups", "logs:DescribeLogStreams", "logs:PutLogEvents", "logs:GetLogEvents", "logs:FilterLogEvents" ], "Effect": "Allow", "Resource": "" }, { "Action": "sqs:", "Effect": "Allow", "Resource": "arn:aws:sqs:eu-west-2:account_id:queue_name" }, { "Action": [ "lambda:InvokeFunction", "lambda:InvokeAsync" ], "Effect": "Allow", "Resource": "arn:aws:lambda::account_id:function:" } ], "Version": "2012-10-17" }

Themen
Sicherheit, Identität & KonformitätServerlosFrontend-Web & MobileVernetzung & Bereitstellung von InhaltenAnwendungsintegration
Tags
AWS Identity and Access ManagementAmazon API-GatewayAmazon Simple Queue ServiceIAM-Richtlinien
Sprache
English
rePost-User-4402012
gefragt vor 2 Jahren1410 Aufrufe
2 Antworten
1

Based on the given context, I am assuming that you have correctly added permissions to an IAM role assumed by API Gateway to access an SQS queue. Have you taken a look at SQS access policy, service control policy in AWS organizations, KMS permissions, and VPC endpoint (VPCe) policy (if VPCe is in use)? This article How do I troubleshoot AccessDenied errors on Amazon SQS API calls? covers basic troubleshooting steps.

AWS
Taka_M
beantwortet vor 2 Jahren
  • rePost-User-4402012
    vor 2 Jahren

    Not using VPCs or KMS { "Version": "2012-10-17", "Id": "sqspolicy", "Statement": [ { "Sid": "First", "Effect": "Allow", "Principal": "*", "Action": "sqs:SendMessage", "Resource": "arn:aws:sqs:eu-west-2:account_id:queue_name" } ] }

0

Hi

In your role policy I see sqs: instead of sqs:SendMessage

Make sure { "Action": "SendMessage", ..... }

Omid Eidivandi
beantwortet vor 2 Jahren

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt