如何使用 AWS CLI 命令添加下面列出的 SQS 权限?
"Statement": [
{
"Sid": "Sid8390000202",
"Effect": "Allow",
"Principal": "*",
"Action": "SQS:*",
"Resource": "arn:aws:sqs:us-east-1:12345678:example-queue",
"Condition": {
"ArnEquals": {
"aws:SourceArn": "arn:aws:sns:us-east-1:73628827939:MySNS"
}
}
}
]
您可以使用以下策略将文件本地保存为 set-queue-attributes.json。
{
"Id": "Policy1564523767951",
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1564523766749",
"Action": "sqs:*",
"Effect": "Allow",
"Resource": "arn:aws:sqs:us-east-1:12345678:example-queue",
"Condition": {
"ArnEquals": {
"aws:SourceArn": "arn:aws:sns:us-east-1:73628827939:MySNS"
}
},
"Principal": "*"
}
]
}
然后执行以下 CLI 命令。
aws sqs set-queue-attributes --queue-url https://sqs.us-east-1.amazonaws.com/12345678/example-queue --attributes file://set-queue-attributes.json
我必须对@Michael Quale 发布的 json 进行一些轻微的添加才能使其正常工作。
{"Policy" : "{\"Id\": \"Policy1564523767951\",\"Version\": \"2012-10-17\",\"Statement\": [{\"Sid\": \"Stmt1564523766749\",\"Action\": \"sqs:*\",\"Effect\": \"Allow\",\"Resource\": \"arn:aws:sqs:us-east-1:12345678:example-queue\",\"Condition\": {\"ArnEquals\": {\"aws:SourceArn\": \"arn:aws:sns:us-east-1:73628827939:MySNS\"}},\"Principal\": \"*\"}]}"}
这对我有用。你需要正确格式化 json,它应该默默地工作。
REGION="us-east-1"
VERSION="1420"
QUEUE_URL="https://sqs.us-east-1.amazonaws.com/<account-id>/<queue-name>-$VERSION"
cat >sqs.json <<-EOT
{
"Policy" : "{ \"Statement\" : [ { \"Action\" : \"SQS:*\", \"Effect\" : \"Allow\", \"Sid\": \"AllowPESends\", \"Principal\" : { \"AWS\" : [\"arn:aws:iam::<account-id>:root\",\"arn:aws:iam::<account-id>:root\"] }, \"Resource\" : \"${QUEUE_URL}\" } ], \"Id\" : \"SQSPESendPolicy\", \"Version\" : \"2012-10-17\" }"
}
EOT
aws sqs set-queue-attributes --region ${REGION} --queue-url ${QUEUE_URL} --attributes file://sqs.json