(sqs queue): ability to add secure transport condition
When adding a queue to CloudWatch Events, I use add_target. However, it’s not straightforward to customize the resource policy that’s created. There’s an SQS queue policy with the principal get att to the CloudWatch rule, though no hook to expose the resource policy.
event_rule.add_target(event_targets.SqsQueue(queue))
Use Case
I need to add “aws:SecureTransport”.
Proposed Solution
Other
- 👋 I may be able to implement this feature request
- ⚠️ This feature might incur a breaking change
This is a 🚀 Feature Request
Issue Analytics
- State:
- Created 2 years ago
- Reactions:2
- Comments:6 (2 by maintainers)
Top GitHub Comments
For now I just used addToResourcePolicy and for the principal applied to all events service principal. That works for now as all service principals should be using TLS for this use case. And it’s scoped to the account so no external access.
There is a typo, it has to be aws:SecureTransport, not aws:secureTransport.
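The queue policy this issue asks for, with a check that a given policy document really enforces it. This is an added example, not code from the issue or from the CDK. The ARNs are constructed placeholders, the function names are hypothetical, and the check is deliberately strict: it accepts only the aws:SecureTransport spelling and a deny that no other condition narrows.

```python
# Added example: constructed ARNs, hypothetical function names.
QUEUE_ARN = "arn:aws:sqs:us-east-1:111122223333:example-queue"
RULE_ARN = "arn:aws:events:us-east-1:111122223333:rule/example-rule"
TLS_KEY = "aws:SecureTransport"  # spelling the thread settles on


def build_queue_policy(queue_arn, rule_arn):
    """Allow the rule to send to the queue; deny every request made without TLS."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "AllowEventsRule", "Effect": "Allow",
             "Principal": {"Service": "events.amazonaws.com"},
             "Action": "sqs:SendMessage", "Resource": queue_arn,
             "Condition": {"ArnEquals": {"aws:SourceArn": rule_arn}}},
            {"Sid": "DenyInsecureTransport", "Effect": "Deny",
             "Principal": "*", "Action": "sqs:*", "Resource": queue_arn,
             "Condition": {"Bool": {TLS_KEY: "false"}}},
        ],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def enforces_tls(policy, queue_arn):
    """True if a Deny covers all principals and all SQS actions on the queue
    whenever aws:SecureTransport is false, with no other condition narrowing it."""
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Deny":
            continue
        if stmt.get("Principal") not in ("*", {"AWS": "*"}):
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if not actions & {"sqs:*", "*"}:
            continue
        if not set(_as_list(stmt.get("Resource", []))) & {queue_arn, "*"}:
            continue
        cond = stmt.get("Condition", {})
        # Strict on purpose: one operator, one key, documented spelling only.
        if list(cond) != ["Bool"] or list(cond["Bool"]) != [TLS_KEY]:
            continue
        values = _as_list(cond["Bool"][TLS_KEY])
        if [str(v).lower() for v in values] == ["false"]:
            return True
    return False
```

Run `enforces_tls` over the policy section of a synthesized template or over the `Policy` attribute read back from a deployed queue (parsed from JSON) to confirm the deny statement survived.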