- Newest
- Most votes
- Most comments
The AccessDenied error you're encountering with the second mapping template is likely due to how the message body is being constructed and encoded. There are a few potential issues to consider:
-
Message Body Encoding: In the second template, you're using $util.urlEncode() to encode the entire message body. This might be causing issues with the message format that SQS expects. Instead of URL encoding the entire message, try encoding only the necessary parts.
-
Message Size: If the transformed message is larger than 256KB (the maximum size for an SQS message), it will be rejected. Ensure that your transformed message doesn't exceed this limit.
-
Special Characters: The way you're constructing the JSON in the second template might introduce unexpected characters or formatting issues. Consider using $util.escapeJavaScript() for individual values to ensure proper escaping.
-
Permissions: Although you mentioned that the IAM role has full access, double-check that the permissions include both sqs:SendMessage and sqs:SendMessageBatch actions.
To resolve this issue, try modifying your second template as follows:
- Use $util.toJson() to convert the entire message body to a properly formatted JSON string.
- Use $util.urlEncode() only on the resulting JSON string.
- Ensure that you're properly accessing the 'dailies' array in your input.
Here's a revised version of your second template that might work:
#set($inputRoot = $input.path('$.dailies'))
#set($items = [])
#foreach($elem in $inputRoot)
$util.qr($items.add({
"steps": $elem.steps,
"userId": $elem.userId
}))
#end
#set($messageBody = $util.toJson({"dailies": $items}))
Action=SendMessage&MessageBody=$util.urlEncode($messageBody)
This template should create a properly formatted JSON string for your message body, which is then URL encoded before being sent to SQS.
If you're still encountering issues after these changes, you may want to:
- Enable CloudWatch Logs for your API Gateway and examine the logs for any additional error information.
- Test the SQS queue directly using the AWS CLI or SDK to ensure there are no issues with the queue itself.
- Verify that the API Gateway's execution role has the necessary permissions to access the specific SQS queue you're trying to send messages to.
Remember, when working with custom mapping templates, it's crucial to ensure that the resulting message adheres to SQS's requirements and that all necessary permissions are in place.
Sources
Amazon SQS Features | Message Queuing Service | AWS
Amazon SQS Key management - Amazon Simple Queue Service
Relevant content
- asked 10 months ago
- AWS OFFICIALUpdated 7 months ago
- AWS OFFICIALUpdated 4 months ago
- AWS OFFICIALUpdated 3 months ago
The revised map still gives me { "Error": { "Code": "AccessDenied", "Message": "Access to the resource https://sqs.us-east-1.amazonaws.com/XX53890XXXX4/QAXXRealtimeData is denied.", "Type": "Sender" }, "RequestId": "fb9b26f4-bfd0-57ef-bea5-7943e767d9ad" } 2) I dont think the response size exceeds 256 kb , input i tried was { "dailies": [ { "somethingElse": "value", "steps": 70, "stepsCounts": 503, "someRandomArray":["00000","11111"], "userId": "3234222" },{ "somethingElse": "avalue", "steps": 30, "stepsCounts": 5033, "someRandomArray":["00000","11111"], "userId": "2342223" } ] } 3) i have given necessary permisons to api gateway since i can send messages when mapping template is like Action=SendMessage&MessageBody={ "data" : $input.json('$'), "api-key": "$input.params('api-key')", "apiType" : "POST", "headers": { #foreach($param in $input.params().header.keySet()) "$param": "$util.escapeJavaScript($input.params().header.get($param))" #if($foreach.hasNext),#end #end }}