Permissions for @turbot/aws-sqs
The permissions for SQS and the grant level associated with each:

Permission | Grant Level | Help |
---|---|---|
sqs:AddPermission | Admin | Allows cross-account access. |
sqs:ChangeMessageVisibility | Operator | |
sqs:ChangeMessageVisibilityBatch | Operator | |
sqs:CreateQueue | Admin | |
sqs:DeleteMessage | Operator | |
sqs:DeleteMessageBatch | Operator | |
sqs:DeleteQueue | Admin | |
sqs:GetQueueAttributes | Metadata | |
sqs:GetQueueUrl | Metadata | |
sqs:ListDeadLetterSourceQueues | Metadata | |
sqs:ListQueueTags | Metadata | |
sqs:ListQueues | Metadata | |
sqs:PurgeQueue | Admin | |
sqs:ReceiveMessage | ReadOnly | |
sqs:RemovePermission | Admin | |
sqs:SendMessage | Operator | |
sqs:SendMessageBatch | Operator | |
sqs:SetQueueAttributes | Admin | Allows management of many attributes, which is fine and necessary. Also allows management of the queue policy, which may include sharing across accounts; this is checked with a detective control. |
sqs:TagQueue | Operator | |
sqs:UntagQueue | Operator | |