aws / serverless-application-model

The AWS Serverless Application Model (AWS SAM) transform is an AWS CloudFormation macro that transforms SAM templates into CloudFormation templates.
https://aws.amazon.com/serverless/sam
Apache License 2.0

SQS:*Batch permissions aren't valid permissions #3633

Open kddejong opened 1 month ago

kddejong commented 1 month ago

The SQS permissions that end in Batch aren't valid. They are flagged by IAM Access Analyzer and not documented here.

https://github.com/aws/serverless-application-model/blame/174f42a0da42f0113266d33f3e1681125ea9f78e/samtranslator/policy_templates_data/policy_templates.json#L2122

kddejong commented 1 month ago

An error occurred (AccessDenied) when calling the SendMessageBatch operation: User: arn:aws:iam::0123456789012:user/test is not authorized to perform: sqs:sendmessage on resource: arn:aws:sqs:us-west-2:0123456789012:test because no identity-based policy allows the sqs:sendmessage action
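A lint for the problem reported above, as an added example that is not part of the issue thread or the SAM code base: it scans an IAM policy document for `sqs:` actions whose name ends in `Batch` and suggests the non-batch action that the error message shows IAM actually evaluating. The function names and the sample policy are constructed for illustration, and deriving the suggestion by stripping the `Batch` suffix is an assumption generalized from the `SendMessageBatch` / `sqs:sendmessage` pair in the error.

```python
import re

# sqs:<Name>Batch, matched case-insensitively because IAM action names are
# case-insensitive. Wildcard patterns such as "sqs:Send*" are not matched.
BATCH_ACTION = re.compile(r"^sqs:(?P<base>[A-Za-z]+)Batch$", re.IGNORECASE)

# Constructed sample policy (not copied from policy_templates.json).
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "Send", "Effect": "Allow",
         "Action": ["sqs:SendMessage", "sqs:SendMessageBatch"],
         "Resource": "arn:aws:sqs:us-west-2:111122223333:example-queue"},
        # Action given as a single string, in a different letter case.
        {"Effect": "Allow", "Action": "SQS:deletemessagebatch",
         "Resource": "arn:aws:sqs:us-west-2:111122223333:example-queue"},
    ],
}


def _as_list(value):
    """IAM JSON accepts either one item or a list for Statement and Action."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def find_sqs_batch_actions(policy):
    """Return (statement id, offending action, suggested action) tuples."""
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement"))):
        sid = stmt.get("Sid", f"statement[{index}]")
        for key in ("Action", "NotAction"):
            for action in _as_list(stmt.get(key)):
                match = BATCH_ACTION.match(action)
                if match:
                    # Assumption: the batch API call is authorized by the
                    # action of the same name without the "Batch" suffix.
                    findings.append((sid, action, "sqs:" + match.group("base")))
    return findings


if __name__ == "__main__":
    for sid, action, suggestion in find_sqs_batch_actions(SAMPLE_POLICY):
        print(f"{sid}: {action} is not an IAM action; grant {suggestion}")
```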

jfuss commented 1 month ago

Thanks for reporting. Let me see if I can track this down. I wonder if this was removed at some point? If so, we wouldn't be able to safely remove it without customer impact.