Cross Account Access là gì
Khi Account 2 muốn lấy message từ SQS của Account 1 thì cần config Policy như sau:
json
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Queue1_AllActions",
"Effect": "Allow",
"Principal": {
"AWS": ["222222222222"]
},
"Action": "sqs:ReceiveMessage",
"Resource": "arn:aws:sqs:us-east-1:111111111111"
}
]
}
Publish S3 Event Notifications
json
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "example-statement-ID",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": ["SQS:SendMessage"],
"Resource": "arn:aws:sqs:<region>:<account-id></account-id>:queue1",
"Condition": {
"ArnLike": {
"aws:SourceArn": "arn:aws:s3:*:*:bucket1"
},
"StringEquals": {
"aws:SourceAccount": "<bucket-owner-account-id>"
}
}
}
]
}