
(sqs queue): ability to add secure transport condition


When adding a queue to CloudWatch Events, I use add_target. However, it's not straightforward to customize the resource policy that's created. There's an SQS queue policy with the principal GetAtt to the CloudWatch rule, though no hook to expose the resource policy.

event_rule.add_target(event_targets.SqsQueue(queue))

Use Case

I need to add “aws:SecureTransport”.

Proposed Solution

Other

  • 👋 I may be able to implement this feature request
  • ⚠️ This feature might incur a breaking change

This is a 🚀 Feature Request

Issue Analytics

  • State:open
  • Created 2 years ago
  • Reactions:2
  • Comments:6 (2 by maintainers)

Top GitHub Comments

1 reaction
0xjjoyy commented, May 14, 2021

For now I just used addToResourcePolicy and for the principal applied to all events service principal. That works for now as all service principals should be using TLS for this use case. And it’s scoped to the account so no external access.

0 reactions
frankwese commented, May 17, 2022

    from aws_cdk import aws_iam as iam

    enforce_tls_statement = iam.PolicyStatement(
        sid="Enforce TLS for all principals",
        effect=iam.Effect.DENY,
        principals=[iam.AnyPrincipal()],
        actions=["sqs:*"],
        resources=[queue.queue_arn],
        conditions={"Bool": {"aws:secureTransport": "false"}},
    )

There is a typo: it has to be aws:SecureTransport, not aws:secureTransport.
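An added example (not from the issue or from the CDK project): a small checker that tells whether an SQS queue policy document already carries the TLS-enforcing Deny statement discussed above, and appends one if it does not. The "CDK-generated" policy is a constructed approximation of what add_target produces, and the account id, queue and rule ARNs are placeholders.

```python
import json

# Constructed sample: roughly the queue policy CDK synthesizes for an
# EventBridge/CloudWatch Events -> SQS target (Allow SendMessage for the service).
CDK_GENERATED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "events.amazonaws.com"},
        "Action": "sqs:SendMessage",
        "Resource": "arn:aws:sqs:us-east-1:111122223333:example-queue",  # placeholder
        "Condition": {"ArnEquals": {
            "aws:SourceArn": "arn:aws:events:us-east-1:111122223333:rule/example-rule"}},
    }],
}

# The statement from the comment above, rendered as a plain policy statement.
# iam.AnyPrincipal() renders as {"AWS": "*"}; "*" is the equivalent shorthand.
ENFORCE_TLS_STATEMENT = {
    "Sid": "Enforce TLS for all principals",
    "Effect": "Deny",
    "Principal": "*",
    "Action": "sqs:*",
    "Resource": "arn:aws:sqs:us-east-1:111122223333:example-queue",  # placeholder
    "Condition": {"Bool": {"aws:SecureTransport": "false"}},
}

def _as_list(value):
    """IAM allows scalars or lists in most fields; normalize to a list."""
    return value if isinstance(value, list) else [value]

def enforces_tls(policy):
    """True if some statement denies all principals on sqs:* when the request is not over TLS."""
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Deny" or stmt.get("Principal") not in ("*", {"AWS": "*"}):
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if not actions & {"sqs:*", "*"}:
            continue
        # IAM condition key names are case-insensitive, so match them case-insensitively.
        for key, value in stmt.get("Condition", {}).get("Bool", {}).items():
            if key.lower() == "aws:securetransport" and "false" in [str(v).lower() for v in _as_list(value)]:
                return True
    return False

def with_tls_enforcement(policy, statement=ENFORCE_TLS_STATEMENT):
    """Return the policy unchanged if it already enforces TLS, else a copy with the Deny appended."""
    if enforces_tls(policy):
        return policy
    merged = json.loads(json.dumps(policy))  # deep copy; leave the input untouched
    merged["Statement"] = _as_list(merged.get("Statement", [])) + [statement]
    return merged
```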
