How to add more than one S3 Bucket ARN to an SQS Queue Access Policy

0

Hello: I'm trying to add another S3 bucket to an existing SQS Queue. Try as I might, I can't find a way to add it to the existing policy. Example:

{
  "Sid": "example-statement-ID",
  "Effect": "Allow",
  "Principal": {
    "Service": "s3.amazonaws.com"
  },
  "Action": "SQS:SendMessage",
  "Resource": "arn:aws:sqs:us-east-1:0645xxxxxxxx:HammerSQS1",
  "Condition": {
    "StringEquals": {
      "aws:SourceAccount": "064xxxxxxxx"
    },
    "ArnLike": ": {[
      "aws:SourceArn": "arn:aws:s3:*:*:contentdisarming-bucket-one"

** "aws:SourceArn": "arn:aws:s3:::contentdisarming-bucket-two"] ** { } } } ] }

When I try to add the 2nd bucket (contentdisarming-bucket-two) I get an error: "Invalid JSON". What am I doing wrong here? It's possible to add more than one S3 SourceArn to an SQS queue, correct?

Thanks in advance..

2 Answers
1

It seems some of the policy you posted is formatted outside of the code block so it looks like there's a lot wrong with it (e.g. "**", "{ }", lack of comma between the bucket ARNs). Can you try re-posting your complete policy with the 2nd bucket included, and no special formatting etc?

EXPERT
answered 2 years ago
  • Ok, here goes:

    { "Version": "2012-10-17", "Id": "example-ID", "Statement": [ { "Sid": "example-statement-ID", "Effect": "Allow", "Principal": { "Service": "s3.amazonaws.com" }, "Action": "SQS:SendMessage", "Resource": "arn:aws:sqs:us-east-1:0645********:HammerSQS1", "Condition": { "StringEquals": { "aws:SourceAccount": "0645********" }, "ArnLike": {[ "aws:SourceArn": "arn:aws:s3:::contentdisarming-bucket-one" "aws:SourceArn": "arn:aws:s3:::contentdisarming-bucket-two"] } } } ] }

    Thanks

0

Hi Folks: Figured it out. The brackets were in the wrong places, here is the JSON for the SQS Access Policy that works. What I wanted to achieve was to get two S3 buckets connected to the same SQS Queue:

{
	"Version": "2012-10-17",
	"Id": "example-ID",
	"Statement": [{
		"Sid": "example-statement-ID",
		"Effect": "Allow",
		"Principal": {
			"Service": "s3.amazonaws.com"
		},
		"Action": "SQS:SendMessage",
		"Resource": "arn:aws:sqs:us-east-1:0645********:HammerSQS1",
		"Condition": {
			"StringEquals": {
				"aws:SourceAccount": "0645********"
			},
			"ArnLike": {
				"aws:SourceArn": [
					"arn:aws:s3:*:*:contentdisarming-bucket-one",
					"arn:aws:s3:*:*:contentdisarming-bucket-two"
				]
			}
		}
	}]
}

Hope this saves someone else some time & frustration :)

answered 2 years ago
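As an added example (not code from either poster or from AWS), this Python sketch makes the same edit programmatically: it parses the policy, turns a single `aws:SourceArn` string into a list, and appends the second bucket. It also rejects a repeated `aws:SourceArn` key, which is valid JSON but loses a bucket when parsed. The account ID `111122223333` and the function names are assumptions made for illustration.

```python
import json

# Constructed sample: the page's single-bucket policy, placeholder account ID.
SAMPLE_POLICY = """{
  "Version": "2012-10-17",
  "Id": "example-ID",
  "Statement": [{
    "Sid": "example-statement-ID",
    "Effect": "Allow",
    "Principal": {"Service": "s3.amazonaws.com"},
    "Action": "SQS:SendMessage",
    "Resource": "arn:aws:sqs:us-east-1:111122223333:HammerSQS1",
    "Condition": {
      "StringEquals": {"aws:SourceAccount": "111122223333"},
      "ArnLike": {"aws:SourceArn": "arn:aws:s3:*:*:contentdisarming-bucket-one"}
    }
  }]
}"""

def reject_duplicate_keys(pairs):
    # json.loads keeps only the last value of a repeated key; fail loudly instead.
    keys = [k for k, _ in pairs]
    dupes = sorted({k for k in keys if keys.count(k) > 1})
    if dupes:
        raise ValueError(f"duplicate key(s) in policy: {dupes}")
    return dict(pairs)

def add_source_arn(policy_text, sid, bucket_arn):
    """Return the policy with bucket_arn in the statement's aws:SourceArn list."""
    policy = json.loads(policy_text, object_pairs_hook=reject_duplicate_keys)
    statements = policy["Statement"]
    if isinstance(statements, dict):      # a lone statement may be a bare object
        statements = [statements]
    for stmt in statements:
        if stmt.get("Sid") != sid:
            continue
        arn_like = stmt.setdefault("Condition", {}).setdefault("ArnLike", {})
        current = arn_like.get("aws:SourceArn", [])
        if isinstance(current, str):      # one value is a string, several a list
            current = [current]
        if bucket_arn not in current:
            current.append(bucket_arn)
        arn_like["aws:SourceArn"] = current
        return json.dumps(policy, indent=2)
    raise KeyError(f"no statement with Sid {sid!r}")

if __name__ == "__main__":
    print(add_source_arn(SAMPLE_POLICY, "example-statement-ID",
                         "arn:aws:s3:*:*:contentdisarming-bucket-two"))
```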
