AccessDenied: Access to the resource https://sqs.eu-west-1.amazonaws.com/ is denied.
Closed this issue ยท 3 comments
Help me Jeremy Jeremy, you're my only hope. ๐ค
Thank you for building this plugin for us.
I've been trying to get a Lambda to 'sqs:SendMessage'.
So I have deployed the stack successfully and I run sls offline cloudside --stage=prod --aws-profile=prod
.
When I post to the handler to send the message to the queue, I've debugged and I can see the url fine in the form of "https://sqs.eu-west-1.amazonaws.com/0000000000000/sls-prod-myQueue".
But when I run await sqs.sendMessage(params).promise();
in my handler, I get this...
{
"message": "Access to the resource https://sqs.eu-west-1.amazonaws.com/ is denied.",
"code": "AccessDenied",
"time": "2019-07-17T16:44:08.059Z",
"requestId": "c9f0405b-1901-57f2-a692-15f24b967222",
"statusCode": 403,
"retryable": false,
"retryDelay": 22.371497804991503
}
The iamRoleStatements
is correct as the Lambda runs fine when deployed.
Before I started using the cloudside plugin, I used to have everything set up locally, which is really "not elegant". I'd love to use this plugin, but I dread I'm doing something really wrong... ๐
Thank you so much in advance!
I also checked my sls deploy role and it has full access to SQS actions and all resources - I was hoping that it wouldn't.
Hi @mapsi,
Glad you're finding the plugin useful. This sounds like the profile you're using locally doesn't have access to SQS. I'm assuming this is what you mean by your "deploy" role?
- Jeremy
@jeremydaly you're absolutely right.
I started a clean example and indeed sls invoke cloudside
and sls offline cloudside
work a treat.
I need to brush up on my IAM skills as it seems.
Looking forward to the SAGA pattern blog post. ๐ฅณ
Angel