Lambda function can't push messages to sqs

Question

I have a lambda function with an exacution role with this policies:
* AWSLambdaBasicExecutionRole ("logs:CreateLogStream", "logs:PutLogEvents")
* a custom policy ({
            "Effect": "Allow",
            "Action": [
                "sqs:SendMessage",
                "sqs:ListQueues"
            ],
            "Resource": [
                "arn:aws:sqs:myqueue"
            ]
        })
* AWSCodeCommitReadOnly
the my sqs queue has aan access policy:

{
      "Sid": "AllowLambdaAccess",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::myLambdaServiceRole"
      },
      "Action": "SQS:SendMessage",
      "Resource": "arn:aws:sqs:mySqsQueue"
    }

the lambda function and the queue are in the same region. No vpc configured for the lambda function.
proplem is lambda times out and can't push messages to sqs

code for lambda is pretty standard:
```
const { SQSClient, SendMessageCommand } = require('@aws-sdk/client-sqs');
const sqsClient = new SQSClient({ region: 'us-east-1' });
const queueUrl = 'https://sqs.us-east-1.amazonaws.com/XXXXXXXXXXX/MySqsQueue';

any idea what I am doing wrong?

Accepted Answer

My apologies, the lambda function was actually in a VPC. I solved with a VPC endpoint.

Answer

Apologies if I'm taking your post too literally, but your ARN in your custom policy "arn:aws:sqs:myqueue" needs to be in format "arn:aws:sqs:us-east-1:444455556666:myqueue".

How do your logs look?  Are you getting your "success" or "error" messages in there?  If you have wrong permissions you should be catching an exception and logging it according to your code, not getting a timeout.  So maybe your timeout is too small - the default 3 seconds can be a bit small for some AWS SDKs to get up and running.

Lambda function can't push messages to sqs

関連するコンテンツ