- Newest
- Most votes
- Most comments
Based on the given context, I am assuming that you have correctly added permissions to an IAM role assumed by API Gateway to access an SQS queue. Have you taken a look at SQS access policy, service control policy in AWS organizations, KMS permissions, and VPC endpoint (VPCe) policy (if VPCe is in use)? This article How do I troubleshoot AccessDenied errors on Amazon SQS API calls? covers basic troubleshooting steps.
Not using VPCs or KMS { "Version": "2012-10-17", "Id": "sqspolicy", "Statement": [ { "Sid": "First", "Effect": "Allow", "Principal": "*", "Action": "sqs:SendMessage", "Resource": "arn:aws:sqs:eu-west-2:account_id:queue_name" } ] }
Hi
In your role policy I see sqs: instead of sqs:SendMessage
Make sure { "Action": "SendMessage", ..... }
Relevant content
- asked 3 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 22 days ago
- How do I use an interface VPC endpoint to access an API Gateway private REST API in another account?AWS OFFICIALUpdated 6 months ago
Using following IAM Role Policy { "Statement": [ { "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:DescribeLogGroups", "logs:DescribeLogStreams", "logs:PutLogEvents", "logs:GetLogEvents", "logs:FilterLogEvents" ], "Effect": "Allow", "Resource": "" }, { "Action": "sqs:", "Effect": "Allow", "Resource": "arn:aws:sqs:eu-west-2:account_id:queue_name" }, { "Action": [ "lambda:InvokeFunction", "lambda:InvokeAsync" ], "Effect": "Allow", "Resource": "arn:aws:lambda::account_id:function:" } ], "Version": "2012-10-17" }