
I want to allow access for publishing messages to an SQS queue from an SNS topic. I have the following in a JSON file:

{
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "sns.amazonaws.com"
      },
      "Action": "sqs:SendMessage",
      "Resource": "arn:aws:sns:eu-central-1:000000000000:ses_events_topic"
    }
  ]
}

I am using localstack to trigger the messages. I add the policy with this command:

aws --endpoint-url=http://localhost:4566 sqs set-queue-attributes --queue-url http://localhost:4566/000000000000/ses_events_queue --attributes file://set_queue_attributes.json --profile test-profile --region eu-central-1 --output table | cat

I get this error message:

An error occurred (InvalidAttributeName) when calling the SetQueueAttributes operation: Unknown Attribute Statement.

Actually I get an unknown attribute no matter what key I use. It's weird because this is from the documentation: https://docs.aws.amazon.com/sns/latest/dg/subscribe-sqs-queue-to-sns-topic.html#SendMessageToSQS.iam.permissions

My suspicion is that this code snippet is just for the AWS console (GUI), but can't be used when using the localstack AWS CLI. If that's so, I think I have to add a permission manually:

aws sqs add-permission --queue-url https://sqs.us-east-1.amazonaws.com/80398EXAMPLE/MyQueue --label SendMessagesFromMyQueue --aws-account-ids 12345EXAMPLE --actions SendMessage

But then comes the question: what should I put in --aws-account-ids if I am using localstack?

AlbertMunichMar
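
Added example, not part of the original question: `set-queue-attributes --attributes` takes a map of attribute names to string values, so a policy document goes under a `Policy` key as a JSON-encoded string, and the AWS page linked in the question uses the queue ARN as `Resource` with the topic ARN in an `aws:SourceArn` condition. The helper names are hypothetical, and the queue ARN is an assumption derived from the queue URL and region in the question.

```python
import json

# Attribute names accepted by SQS SetQueueAttributes (standard-queue subset).
KNOWN_ATTRIBUTES = {
    "DelaySeconds", "MaximumMessageSize", "MessageRetentionPeriod", "Policy",
    "ReceiveMessageWaitTimeSeconds", "VisibilityTimeout", "RedrivePolicy",
    "KmsMasterKeyId", "KmsDataKeyReusePeriodSeconds", "SqsManagedSseEnabled",
}
# Topic ARN is from the question; the queue ARN is an assumption derived from
# the queue URL and region used there.
TOPIC_ARN = "arn:aws:sns:eu-central-1:000000000000:ses_events_topic"
QUEUE_ARN = "arn:aws:sqs:eu-central-1:000000000000:ses_events_queue"

def build_queue_attributes(queue_arn, topic_arn):
    """Attribute map that lets one SNS topic send to one SQS queue."""
    policy = {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": "sns.amazonaws.com"},
            "Action": "sqs:SendMessage",
            "Resource": queue_arn,  # the queue, not the topic
            "Condition": {"ArnEquals": {"aws:SourceArn": topic_arn}},
        }],
    }
    # The policy is serialized: attribute values must be strings.
    return {"Policy": json.dumps(policy)}

def check_attributes_file(text):
    """Return a list of problems found in an --attributes JSON file."""
    data = json.loads(text)
    problems = []
    for name, value in data.items():
        if name not in KNOWN_ATTRIBUTES:
            problems.append(f"unknown attribute name: {name}")
        elif not isinstance(value, str):
            problems.append(f"{name} must be a string value")
    policy = data.get("Policy")
    if isinstance(policy, str):
        for st in json.loads(policy).get("Statement", []):
            if not str(st.get("Resource", "")).startswith("arn:aws:sqs:"):
                problems.append("Resource is not an SQS queue ARN")
            if "Condition" not in st:
                problems.append("no Condition limiting the source topic")
    return problems

if __name__ == "__main__":
    with open("set_queue_attributes.json", "w") as fh:
        json.dump(build_queue_attributes(QUEUE_ARN, TOPIC_ARN), fh, indent=2)
```

Running the block writes `set_queue_attributes.json` in the shape the command in the question expects for `--attributes file://set_queue_attributes.json`.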
