I have sqs queue, which has no policy defined. Queue is not owned by me, I have no idea how it is used, and I do not want to break it. I need to add permission for sending messages from different account, i.e.:
{
"Version": "2012-10-17",
"Id": "Queue1_Policy_UUID",
"Statement": [{
"Sid":"Queue1_Send_Receive",
"Effect": "Allow",
"Principal": { "AWS": [ "111122223333" ] },
"Action": [ "sqs:SendMessage" ],
"Resource": "arn:aws:sqs:us-east-1:my-queue"
}]
}
Adding such policy to queue will override default policy which grants full access to account which created the queue. I cannot find definition/equivalent of this default policy.
How can I add my statement to the queue's resource policy without breaking access in the account owning the queue?
To obtain a 'default' policy, simply create a new SQS Queue. It will display a policy like this:
{
"Version": "2012-10-17",
"Id": "__default_policy_ID",
"Statement": [
{
"Sid": "__owner_statement",
"Effect": "Allow",
"Principal": {
"AWS": "111111111111"
},
"Action": [
"SQS:*"
],
"Resource": "arn:aws:sqs:ap-southeast-2:111111111111:queue-name"
}
]
}