1 回答
- 最新
- 投票最多
- 评论最多
0
Hi,
The page https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-basic-examples-of-sqs-policies.html will give you details of the exact IAM policies to use to allow anonymous posting to SQS queues (on a tume-limited basis if needed).
See in particular examples 5 & 6.
Example 6 with time-limited allowance:
{
"Version": "2012-10-17",
"Id": "Queue1_Policy_UUID",
"Statement": [{
"Sid":"Queue1_AnonymousAccess_ReceiveMessage_TimeLimit",
"Effect": "Allow",
"Principal": "*",
"Action": "sqs:ReceiveMessage",
"Resource": "arn:aws:sqs:*:111122223333:queue1",
"Condition" : {
"DateGreaterThan" : {
"aws:CurrentTime":"2009-01-31T12:00Z"
},
"DateLessThan" : {
"aws:CurrentTime":"2009-01-31T15:00Z"
}
}
}]
}
Best
Didier
相关内容
- AWS 官方已更新 2 年前
- AWS 官方已更新 8 个月前
- AWS 官方已更新 2 年前
The examples above doesn't seem to work. After creating an SQS queue with that policy, trying to read messages from the queue as an anonymous user does not work.
Running
aws sqs receive-message --queue-url https://sqs.us-east-1.amazonaws.com/xxx/queue1 --no-sign-request
returns:Interestingly, the command above (
aws sqs receive-message --queue-url https://sqs.us-east-1.amazonaws.com/xxx/queue1 --no-sign-request
) works if the queue is empty and returns an empty array of messages.However, if there is a message in the queue, then an access denied error is returned.