admin管理员组文章数量:1425740
I have a website that writes messages from the client side to an Amazon SQS Queue. Everybody is allowed to write to the queue. We have a server-side process that reads the queue messages and processes them.
The Queue is configured with write access to everybody, here is its policy:
{
"Version": "2012-10-17",
"Id": "arn:aws:sqs:.../SQSDefaultPolicy",
"Statement": [{
"Sid": "Sid1537097246229",
"Effect": "Allow",
"Principal": "*",
"Action": "SQS:SendMessage",
"Resource": "arn:aws:sqs:..."
}]
}
However, we can't seem to be able to write to the queue without an access key and secret key. The AWS SDK returns an error saying that credentials have not been provided. We're using the code as described in the AWS SQS documentation.
I have a website that writes messages from the client side to an Amazon SQS Queue. Everybody is allowed to write to the queue. We have a server-side process that reads the queue messages and processes them.
The Queue is configured with write access to everybody, here is its policy:
{
"Version": "2012-10-17",
"Id": "arn:aws:sqs:.../SQSDefaultPolicy",
"Statement": [{
"Sid": "Sid1537097246229",
"Effect": "Allow",
"Principal": "*",
"Action": "SQS:SendMessage",
"Resource": "arn:aws:sqs:..."
}]
}
However, we can't seem to be able to write to the queue without an access key and secret key. The AWS SDK returns an error saying that credentials have not been provided. We're using the code as described in the AWS SQS documentation.
Share Improve this question asked Sep 16, 2018 at 12:26 zmbqzmbq 39.1k15 gold badges106 silver badges186 bronze badges2 Answers
Reset to default 5I would not remend allowing unauthenticated access to an SQS queue, but if you have to do this then you should be able to make unauthenticated requests through the JavaScript SDK as follows:
const AWS = require('aws-sdk');
AWS.config.update({ region: 'us-east-1' });
const sqs = new AWS.SQS({ apiVersion: '2012-11-05' });
const params = {
DelaySeconds: 10,
MessageAttributes: {
Title: {
DataType: 'String',
StringValue: 'The Whistler',
},
Author: {
DataType: 'String',
StringValue: 'John Grisham',
},
},
MessageBody: 'NY Times fiction bestseller 12/11/2016.',
QueueUrl: 'QUEUE_URL_HERE',
};
sqs.makeUnauthenticatedRequest('sendMessage', params, (err, data) => {
if (err) {
console.log('Error', err);
} else {
console.log('Success', data.MessageId);
}
});
Your default policy with "Principal": "*" still requires that the sender provide some AWS principal. As stated in the Prerequisites of the document you provided:
Create a shared configurations file with your user credentials. For more information about providing a shared credentials file, see Loading Credentials in Node.js from the Shared Credentials File.
Have you considered using API Gateway as a proxy to your SQS queue? One example of doing so is defined at https://dzone./articles/creating-aws-service-proxy-for-amazon-sqs . I would remend setting up a proxy to the SQS and having a POST endpoint such as
POST::/myQueueName/messages
That will change how your users interact with the queue, but it allows you to lock down the queue to only a service user for reading and writing, which follows the least-privilege policy. Then your API Gateway endpoint can be protected with an API key, left wide-open to the internet, or even protected with IAM roles, based on your preferences.
本文标签: javascriptHow to write to a writeonly SQS queue without an access key and secret keyStack Overflow
版权声明:本文标题:javascript - How to write to a write-only SQS queue without an access key and secret key - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1745441267a2658459.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
发表评论