Implement AWS Security Group Rules (lambda-> SQS)

Question

Implement AWS Security Group Rules (lambda-> SQS)

In AWS, we have implemented the functionality that AWMS lambda posts to the AWS queue;

However, during this implementation, I needed to grant permissions to grant access to AWMS lambda to add a message to a specific queue. And this manual click apporach is not very good for deploying prod.

Any suggestions on how to automate the process of adding permissions between AWS services (mainly lambda and SQS) and create a “good” deployment package for prod env?

+4

amazon-web-services amazon-sqs aws-lambda aws-security-group

user1459144 Feb 29 '16 at 10:53

source share

1 answer

Luc hendriks · Accepted Answer · 2016-02-29T14:04:40+0000

Each Lambda feature has an attached role that you can specify permissions for the IAM control panel. If you give the role of lambda-resolution functions permission to click on the SQS queue, you're good to go. For example, attach this JSON as a custom role (see http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/SQSExamples.html ):

{
  "Version": "2012-10-17",
  "Id": "Queue1_Policy_UUID",
  "Statement": 
    {
       "Sid":"Queue1_SendMessage",
       "Effect": "Allow",
       "Principal": {
            "AWS": "111122223333"
         },
        "Action": "sqs:SendMessage",
        "Resource": "arn:aws:sqs:us-east-1:444455556666:queue1"
     }
}

You can use asterisks to resolve multiple queues, for example:

"Resource": "arn:aws:sqs:us-east-1:444455556666:production-*"

To provide sendMessage permission for all queues starting with production-.

Implement AWS Security Group Rules (lambda-> SQS)

More articles: