How to grant access to SQS in Serverless.yml


I am trying to grant access to an SQS queue through the serverless.yml. Below is the applicable part of serverless.yml granting permission (I’ve changed my id and queue name for obvious reasons). Am I formatting the ARN improperly somehow?

```yaml
provider:
  name: aws
  runtime: python3.6
  iamRoleStatements:
    - Effect: "Allow"
      Action:
        - "sqs:SendMessage"
        - "sqs:GetQueueUrl"
        - "sqs:ListQueues"
      Resource: "arn:aws:sqs:us-east-1:000000000000:MyQueue.fifo"
```

If I use this wildcard resource it works without error

Resource: “arn:aws:sqs:us-east-1::

If I use the commented wildcard Resource line instead the code works. The Python code throwing the error is:
for queue in sqs.queues.all():

The error being thrown is:
"errorMessage": "An error occurred (AccessDenied) when calling the ListQueues operation: Access to the resource is denied.",
"errorType": "ClientError"



You need to grant sqs:ListQueues to arn:aws:sqs:region:account_id:* while the other permissions can be granted to individual queues.


@buggy thanks for the response. That is correct. I had found it in the documentation. It makes sense that you would need permission to all the queues in order to list them out. I refactored my application so I don’t use that method anymore thus reducing the rights the role needs in order to execute the function.
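The split described in the answer above, applied to the statement from the question, as an added example that is not part of the original posts: a standard-library Python helper that moves `sqs:ListQueues` to the account-wide ARN and leaves the other actions on the single queue. The names `split_statement`, `account_wildcard` and `ACCOUNT_SCOPED_ACTIONS` are hypothetical; each returned dictionary corresponds to one `iamRoleStatements` entry.

```python
import json

# Assumption: actions that must be granted on arn:aws:sqs:region:account_id:*
# rather than on one queue. Only the action named in the answer is listed.
ACCOUNT_SCOPED_ACTIONS = {"sqs:ListQueues"}


def account_wildcard(queue_arn):
    """Map arn:aws:sqs:region:account_id:queue to arn:aws:sqs:region:account_id:*."""
    parts = queue_arn.split(":")
    if len(parts) != 6 or parts[:3] != ["arn", "aws", "sqs"] or not parts[4]:
        raise ValueError("not a full SQS queue ARN: %r" % (queue_arn,))
    return ":".join(parts[:5] + ["*"])


def split_statement(statement):
    """Return statements where only account-scoped actions get the wildcard ARN."""
    actions = statement["Action"]
    if isinstance(actions, str):
        actions = [actions]
    resource = statement["Resource"]
    # Leave Deny statements, resource lists and existing wildcards untouched.
    if statement.get("Effect") != "Allow" or not isinstance(resource, str):
        return [statement]
    if resource == "*" or resource.endswith(":*"):
        return [statement]
    scoped = [a for a in actions if a in ACCOUNT_SCOPED_ACTIONS]
    per_queue = [a for a in actions if a not in ACCOUNT_SCOPED_ACTIONS]
    if not scoped:
        return [statement]
    result = []
    if per_queue:
        # Queue-level actions keep the single-queue ARN (and any Condition).
        result.append(dict(statement, Action=per_queue))
    result.append(dict(statement, Action=scoped,
                       Resource=account_wildcard(resource)))
    return result


# The statement from the question (account id and queue name are the
# placeholders the asker used).
QUESTION_STATEMENT = {
    "Effect": "Allow",
    "Action": ["sqs:SendMessage", "sqs:GetQueueUrl", "sqs:ListQueues"],
    "Resource": "arn:aws:sqs:us-east-1:000000000000:MyQueue.fifo",
}

if __name__ == "__main__":
    print(json.dumps(split_statement(QUESTION_STATEMENT), indent=2))
```

If the function never enumerates queues, as in the refactor described in the last reply, `sqs:ListQueues` can be dropped from the input and the statement stays scoped to the one queue.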