Amazon web services 针对SQS的AWS IAM政策_Amazon Web Services_Amazon Sqs_Amazon Iam

Amazon web services 针对SQS的AWS IAM政策

amazon-web-services

Amazon web services 针对SQS的AWS IAM政策,amazon-web-services,amazon-sqs,amazon-iam,Amazon Web Services,Amazon Sqs,Amazon Iam,我正在尝试向现有iam用户添加一个策略，该用户已经可以在两个s3存储桶上执行crud。这是当前的工作策略 { "Version": "2012-10-17", "Statement": [ { "Sid": "devcontrol", "Effect": "Allow", "Action": [ "s3:Get*", "s3:Put*", "s3:DeleteObject", "s

我正在尝试向现有iam用户添加一个策略，该用户已经可以在两个s3存储桶上执行crud。这是当前的工作策略

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "devcontrol",
      "Effect": "Allow",
      "Action": [
        "s3:Get*",
        "s3:Put*",
        "s3:DeleteObject",
        "s3:DeleteObjectVersion"
      ],
      "Resource": [
        "arn:aws:s3:::blahimages/*",
        "arn:aws:s3:::blahvideos/*"
      ]
    }
  ]
}

sqs文档中的一个示例策略是

{
   "Version": "2012-10-17",
   "Statement":[{
      "Effect":"Allow",
      "Action":"sqs:*",
      "Resource":"arn:aws:sqs:*:123456789012:bob_queue*"
      }
   ]
}

所以我试过这个

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "devcontrol",
      "Effect": "Allow",
      "Action": [
        "s3:Get*",
        "s3:Put*",
        "s3:DeleteObject",
        "s3:DeleteObjectVersion"
       ],
       "Resource": [
         "arn:aws:s3:::blahimages/*",
         "arn:aws:s3:::blahvideos/*"
        ]
     },
     {
       "Effect":"Allow",
       "Action":"sqs:*",
       "Resource":"arn:aws:sqs:*:myarn"
      }
    ]
  }

我没有得到任何解析错误，但是模拟器仍然返回sqs队列的拒绝

此外，我真的希望该用户能够将消息添加到队列中，接收并删除它们，而上述策略将添加所有操作，我相信您的SQS ARN无效：

“ARN:aws:SQS:::myarn”

您应该使用

arn:aws:sqs:：作为有效sqs策略的示例