serverless-application-model icon indicating copy to clipboard operation
serverless-application-model copied to clipboard
verified publisher icon aws

SQS:*Batch permissions aren't vaild permissions

Open kddejong opened this issue 1 year ago • 3 comments

The SQS permissions that end in Batch aren't valid. They are flagged by IAM access analyzer and not documented here

https://github.com/aws/serverless-application-model/blame/174f42a0da42f0113266d33f3e1681125ea9f78e/samtranslator/policy_templates_data/policy_templates.json#L2122

kddejong avatar Aug 12 '24 19:08 kddejong

An error occurred (AccessDenied) when calling the SendMessageBatch operation: User: arn:aws:iam::0123456789012:user/test is not authorized to perform: sqs:sendmessage on resource: arn:aws:sqs:us-west-2:0123456789012:test because no identity-based policy allows the sqs:sendmessage action

kddejong avatar Aug 12 '24 20:08 kddejong

Thanks for reporting. Let me see if I can track this down. I wonder if this was removed at some point? If so, we wouldn't be able to safely remove it without customer impact.

jfuss avatar Aug 13 '24 15:08 jfuss

Please see https://github.com/aws/serverless-application-model/issues/3731 for an update on the issue.

mbfreder avatar Mar 24 '25 19:03 mbfreder