I am trying to add a policy to an existing IAM user that can already perform CRUD on two S3 buckets. Here is the currently working policy:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "devcontrol",
            "Effect": "Allow",
            "Action": [
                "s3:Get*",
                "s3:Put*",
                "s3:DeleteObject",
                "s3:DeleteObjectVersion"
            ],
            "Resource": [
                "arn:aws:s3:::blahimages/*",
                "arn:aws:s3:::blahvideos/*"
            ]
        }
    ]
}
An example policy from the documents for SQS is this:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "sqs:*",
            "Resource": "arn:aws:sqs:*:123456789012:bob_queue*"
        }
    ]
}
So I tried this:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "devcontrol",
            "Effect": "Allow",
            "Action": [
                "s3:Get*",
                "s3:Put*",
                "s3:DeleteObject",
                "s3:DeleteObjectVersion"
            ],
            "Resource": [
                "arn:aws:s3:::blahimages/*",
                "arn:aws:s3:::blahvideos/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": "sqs:*",
            "Resource": "arn:aws:sqs:*:myarn"
        }
    ]
}
I did not get any parse errors, but the simulator was still returning denied for the SQS queue.
Also, really I just want this user to be able to add messages to the queue, receive them and delete them, whereas the above policy would add all actions, I believe.
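
An added example, not part of the original post: a small Python lint over a policy's SQS statements that checks each Resource against the six-field queue ARN form seen in the documentation example (arn:aws:sqs:region:account-id:queue-name) and flags wildcard actions, next to a statement limited to sending, receiving and deleting messages. The function names, region, account id and queue name are hypothetical placeholders, and the posted Resource is checked literally as written, with "myarn" taken at face value.

```python
import re

# Shape of an SQS queue ARN: arn:<partition>:sqs:<region>:<account-id>:<queue-name>
SQS_ARN = re.compile(
    r"^arn:(aws|aws-cn|aws-us-gov):sqs:([a-z0-9-]+|\*):(\d{12}|\*):[A-Za-z0-9_.*?-]+$"
)

def as_list(value):
    """IAM allows Action, Resource and Statement to be a single item or a list."""
    return [value] if isinstance(value, (str, dict)) else list(value)

def lint_sqs(policy):
    """Return (statement index, finding) pairs for Allow statements that touch SQS."""
    findings = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        actions = [a for a in as_list(stmt.get("Action", []))
                   if a.lower().startswith("sqs:")]
        if stmt.get("Effect") != "Allow" or not actions:
            continue
        for action in actions:
            if "*" in action:
                findings.append((i, f"wildcard action {action}"))
        for res in as_list(stmt.get("Resource", [])):
            if not SQS_ARN.match(res):
                findings.append((i, f"resource {res} is not in queue ARN form"))
    return findings

def queue_statement(region, account_id, queue_name):
    """Hypothetical helper: allow only send, receive and delete on one queue."""
    return {
        "Sid": "queueSendReceiveDelete",
        "Effect": "Allow",
        "Action": ["sqs:SendMessage", "sqs:ReceiveMessage", "sqs:DeleteMessage"],
        "Resource": f"arn:aws:sqs:{region}:{account_id}:{queue_name}",
    }

# Constructed inputs: the SQS statement exactly as posted, and a narrowed one
# with placeholder region, account id and queue name.
POSTED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "sqs:*", "Resource": "arn:aws:sqs:*:myarn"}]}
NARROWED = {"Version": "2012-10-17", "Statement": [
    queue_statement("us-east-1", "123456789012", "example_queue")]}

if __name__ == "__main__":
    for name, pol in (("posted", POSTED), ("narrowed", NARROWED)):
        print(name, lint_sqs(pol))
```
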