Create IAM policy

Navigate to IAM in the AWS console

Under Access management in the sidebar menu click Policies

Click Create policy

Select the JSON tab and delete the default text.
Copy and paste in the JSON below. Replace <sqs arn> with the SQS ARN you saved in an earlier step. Using the example from this document <sqs arn> would be replaced with arn:aws:sqs:us-east-2:307946633993:netflow1-queue. Replace <bucketname> with your S3 bucket name created in a previous step.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "sqs:DeleteMessage",
        "sqs:GetQueueUrl",
        "sqs:ReceiveMessage",
        "sqs:GetQueueAttributes",
        "s3:ListBucket*",
        "s3:GetObject*",
        "s3:DeleteObject*"
      ],
      "Resource": [
        "<sqs arn>",
        "arn:aws:s3:::<bucketname>/*",
        "arn:aws:s3:::<bucketname>"
      ]
    }
  ]
}

The result should look like the following

Click Next

Give the policy a name

Click Create policy

PreviousSubscribe to Amazon SNS topic NextCreate custom role

Last updated 6 hours ago

Good evening