1 Answer
0
Hi,
The page https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-basic-examples-of-sqs-policies.html will give you details of the exact IAM policies to use to allow anonymous posting to SQS queues (on a time-limited basis if needed).
See in particular examples 5 & 6.
Example 6 with time-limited allowance:
```json
{
  "Version": "2012-10-17",
  "Id": "Queue1_Policy_UUID",
  "Statement": [{
    "Sid": "Queue1_AnonymousAccess_ReceiveMessage_TimeLimit",
    "Effect": "Allow",
    "Principal": "*",
    "Action": "sqs:ReceiveMessage",
    "Resource": "arn:aws:sqs:*:111122223333:queue1",
    "Condition": {
      "DateGreaterThan": {
        "aws:CurrentTime": "2009-01-31T12:00Z"
      },
      "DateLessThan": {
        "aws:CurrentTime": "2009-01-31T15:00Z"
      }
    }
  }]
}
```
Best
Didier
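A way to audit a queue policy like the one in the answer above: list every `Allow` statement granted to an anonymous principal and report whether its `aws:CurrentTime` window is open, expired, not yet open, or has no expiry at all. This is an added example, not part of the original answer or the AWS documentation; the function names are hypothetical, only date conditions are considered, and each condition value is assumed to be a single string.

```python
import json
from datetime import datetime, timezone

# Policy from the answer above (example 6), embedded so the check runs offline.
POLICY = json.loads("""
{"Version": "2012-10-17", "Id": "Queue1_Policy_UUID",
 "Statement": [{
   "Sid": "Queue1_AnonymousAccess_ReceiveMessage_TimeLimit",
   "Effect": "Allow", "Principal": "*", "Action": "sqs:ReceiveMessage",
   "Resource": "arn:aws:sqs:*:111122223333:queue1",
   "Condition": {
     "DateGreaterThan": {"aws:CurrentTime": "2009-01-31T12:00Z"},
     "DateLessThan": {"aws:CurrentTime": "2009-01-31T15:00Z"}}}]}
""")

def _as_list(v):
    return [] if v is None else v if isinstance(v, list) else [v]

def _parse(ts):
    # Map the trailing "Z" to an explicit offset so older Pythons can parse it.
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))

def _is_anonymous(principal):
    # Anonymous access is written either as "*" or as {"AWS": "*"}.
    return principal == "*" or (
        isinstance(principal, dict) and "*" in _as_list(principal.get("AWS")))

def audit_anonymous_access(policy, now):
    """Return one finding per anonymous Allow statement; `now` must be tz-aware."""
    findings = []
    for st in _as_list(policy.get("Statement")):
        if st.get("Effect") != "Allow" or not _is_anonymous(st.get("Principal")):
            continue
        start = end = None
        for op, keys in st.get("Condition", {}).items():
            for key, value in keys.items():
                if key.lower() != "aws:currenttime":
                    continue  # other condition keys are out of scope here
                if op.startswith("DateGreaterThan"):
                    start = _parse(value)
                elif op.startswith("DateLessThan"):
                    end = _parse(value)
        status = ("no_expiry" if end is None else "expired" if now >= end
                  else "not_yet_open" if start and now < start else "open")
        findings.append({"sid": st.get("Sid"), "status": status,
                         "actions": _as_list(st.get("Action"))})
    return findings
```

A `no_expiry` result is the case to review first: the anonymous grant stays in force until the policy is edited.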
The examples above don't seem to work. After creating an SQS queue with that policy, trying to read messages from the queue as an anonymous user does not work.

Running

```
aws sqs receive-message --queue-url https://sqs.us-east-1.amazonaws.com/xxx/queue1 --no-sign-request
```

returns:

Interestingly, the command above (`aws sqs receive-message --queue-url https://sqs.us-east-1.amazonaws.com/xxx/queue1 --no-sign-request`) works if the queue is empty and returns an empty array of messages. However, if there is a message in the queue, then an access denied error is returned.