If I want to pub/sub to Amazon MQ from an EC2 instance, do I need to attach a specific IAM policy to the instance? I didn't see anything of the sort in the documentation I read about MQ but it feels off not to.
-
You can use IAM identity-based policies to specify allowed or denied actions and resources, as well as the conditions under which actions are allowed or denied. – Arpit Jain Feb 14 '23 at 05:51
-
Sorry for the stupid question (I'm struggling a bit with IAM)... The list of actions supported by MQ seems to be more "administrative", i.e. create broker, describe user etc., rather than "operational", such as publish a message. If I wanted to publish a message from an app in EC2, would I only need the username/pwd config'd in the broker and no IAM policy? I get a bit confused b/c S3, for example, has actions for put / get object etc., and I don't see something similar here. – AfterWorkGuinness Feb 14 '23 at 15:37
-
I looked in the AWS document for you but couldn't find anything useful. Also, I checked in the IAM management console for all the access levels for MQ, and they are only "administrative," as you mentioned :( – Arpit Jain Feb 14 '23 at 18:33