Why can't region and account ID be empty for SQS ARNs?

4196 views amazon-web-services
3

I'm using arn:aws:sqs:::queue_name for my AWS IAM policy, but I receive access denied errors when trying to access the queue from Python's AWS wrapper, boto3.

answered question

1 Answer

2

S3 bucket names are unique across all accounts and regions, which means you don't need to specify the region or account ID. For S3 buckets, you can use the following ARN without issues: arn:aws:s3:::bucket_name. This will apply the ARN to a single bucket with name equal to bucket_name.

However, SQS queue names are not unique across accounts or regions. That means you either need to specify the exact region or account ID, or use the wildcard * character, which means the ARN applies to all queues with the same name. I used arn:aws:sqs:*:*:queue_name to apply the ARN to all queues with name equal to queue_name.

posted this
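The matching behaviour described in the answer, as an added example that is not part of the original post: a simplified, field-by-field model of how a policy Resource pattern is compared with a concrete ARN. It is not AWS's own evaluation code; the region, account IDs and helper names are constructed for illustration.

```python
import re

FIELDS = ("prefix", "partition", "service", "region", "account", "resource")

def split_arn(arn):
    """Split an ARN into its six colon-separated fields."""
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        raise ValueError(f"not an ARN: {arn!r}")
    return parts

def _field_matches(glob, value):
    # '*' matches any run of characters, '?' exactly one; everything else is
    # literal, so an empty pattern field matches only an empty ARN field.
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in glob)
    return re.fullmatch(regex, value, re.DOTALL) is not None

def mismatched_fields(pattern, arn):
    """Names of the ARN fields where the policy pattern fails to match."""
    pairs = zip(FIELDS, split_arn(pattern), split_arn(arn))
    return [name for name, glob, value in pairs if not _field_matches(glob, value)]

def resource_matches(pattern, arn):
    return not mismatched_fields(pattern, arn)

# Constructed sample ARNs (placeholder account IDs and regions).
BUCKET = "arn:aws:s3:::bucket_name"
QUEUE = "arn:aws:sqs:us-east-1:123456789012:queue_name"
OTHER_QUEUE = "arn:aws:sqs:eu-west-1:210987654321:queue_name"

EMPTY = "arn:aws:sqs:::queue_name"       # pattern from the question
WILDCARD = "arn:aws:sqs:*:*:queue_name"  # pattern from the answer
PINNED = QUEUE                           # region and account spelled out

if __name__ == "__main__":
    # S3 ARNs really have empty region/account fields, so the short form matches.
    print("s3 short form :", resource_matches(BUCKET, BUCKET))
    # SQS ARNs always carry both, so empty fields never match a real queue.
    print("sqs empty     :", mismatched_fields(EMPTY, QUEUE))
    # The wildcard form matches the intended queue and any same-named queue.
    for label, pattern in (("wildcard", WILDCARD), ("pinned", PINNED)):
        print(f"sqs {label:9}:", resource_matches(pattern, QUEUE),
              resource_matches(pattern, OTHER_QUEUE))
```

The pinned form is the narrowest of the three: it matches only the one queue, while the wildcard form also covers a queue of the same name in any other region or account.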
