Amazon web services 针对SQS的AWS IAM政策
我正在尝试向现有iam用户添加一个策略,该用户已经可以在两个s3存储桶上执行crud。这是当前的工作策略Amazon web services 针对SQS的AWS IAM政策,amazon-web-services,amazon-sqs,amazon-iam,Amazon Web Services,Amazon Sqs,Amazon Iam,我正在尝试向现有iam用户添加一个策略,该用户已经可以在两个s3存储桶上执行crud。这是当前的工作策略 { "Version": "2012-10-17", "Statement": [ { "Sid": "devcontrol", "Effect": "Allow", "Action": [ "s3:Get*", "s3:Put*", "s3:DeleteObject", "s
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "devcontrol",
"Effect": "Allow",
"Action": [
"s3:Get*",
"s3:Put*",
"s3:DeleteObject",
"s3:DeleteObjectVersion"
],
"Resource": [
"arn:aws:s3:::blahimages/*",
"arn:aws:s3:::blahvideos/*"
]
}
]
}
sqs文档中的一个示例策略是
{
"Version": "2012-10-17",
"Statement":[{
"Effect":"Allow",
"Action":"sqs:*",
"Resource":"arn:aws:sqs:*:123456789012:bob_queue*"
}
]
}
所以我试过这个
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "devcontrol",
"Effect": "Allow",
"Action": [
"s3:Get*",
"s3:Put*",
"s3:DeleteObject",
"s3:DeleteObjectVersion"
],
"Resource": [
"arn:aws:s3:::blahimages/*",
"arn:aws:s3:::blahvideos/*"
]
},
{
"Effect":"Allow",
"Action":"sqs:*",
"Resource":"arn:aws:sqs:*:myarn"
}
]
}
我没有得到任何解析错误,但是模拟器仍然返回sqs队列的拒绝
此外,我真的希望该用户能够将消息添加到队列中,接收并删除它们,而上述策略将添加所有操作,我相信您的SQS ARN无效:
“ARN:aws:SQS:::myarn”
您应该使用arn:aws:sqs::作为有效sqs策略的示例