Permissions for @turbot/aws-sqs
Taking a look at permissions and associated grant levels for each permission for SQS:
| Permission | Grant Level | Help |
|---|---|---|
| sqs:AddPermission | Admin | Allows cross-account access. |
| sqs:ChangeMessageVisibility | Operator | |
| sqs:ChangeMessageVisibilityBatch | Operator | |
| sqs:CreateQueue | Admin | |
| sqs:DeleteMessage | Operator | |
| sqs:DeleteMessageBatch | Operator | |
| sqs:DeleteQueue | Admin | |
| sqs:GetQueueAttributes | Metadata | |
| sqs:GetQueueUrl | Metadata | |
| sqs:ListDeadLetterSourceQueues | Metadata | |
| sqs:ListQueueTags | Metadata | |
| sqs:ListQueues | Metadata | |
| sqs:PurgeQueue | Admin | |
| sqs:ReceiveMessage | ReadOnly | |
| sqs:RemovePermission | Admin | |
| sqs:SendMessage | Operator | |
| sqs:SendMessageBatch | Operator | |
| sqs:SetQueueAttributes | Admin | Allows management of many attributes which are fine and necessary. Also allows managmenet of the queue policy which may include sharing across accounts - checked with a detective control. |
| sqs:TagQueue | Operator | |
| sqs:UntagQueue | Operator |