Add new DLQ Redrive permissions to SQS policy
This PR adds permissions to perform DLQ redrives using the new IAM action names - these used to be covered by Send/ReceiveMessage. The new permissions and CloudTrail events take effect on 31st August 2023.

https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-dead-letter-queues-cloudtrail.html
marcus-bcl authored Aug 23, 2023
1 parent ac91653 commit f6378ae
Showing 1 changed file with 4 additions and 1 deletion.
5 changes: 4 additions & 1 deletion sqs.tf
Expand Up @@ -16,11 +16,14 @@ data "aws_iam_policy_document" "sqs_for_github" {
sid = "AllowSQSSendRecvOwn"
effect = "Allow"
actions = [
"sqs:CancelMessageMoveTask",
"sqs:ChangeMessageVisibility",
"sqs:DeleteMessage",
"sqs:ListMessageMoveTasks",
"sqs:ReceiveMessage",
"sqs:SendMessage",
"sqs:PurgeQueue",
"sqs:StartMessageMoveTask",
"sqs:PurgeQueue"
]
resources = ["*"]
condition {
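Review bot: `resources = ["*"]` at the end of this hunk now also applies to `sqs:StartMessageMoveTask` and `sqs:CancelMessageMoveTask`, so which queues a redrive can be started or cancelled on depends entirely on the `condition` block that follows, and that block is cut off in this view. Please confirm that the condition key used there is evaluated for the three new message-move actions and still limits them to the queues this policy is meant to own. The sid `AllowSQSSendRecvOwn` also no longer describes the statement now that it grants redrive control; consider renaming it, or moving the move-task actions into their own statement with a comment that links the AWS notice cited in the commit message.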