I have a function that triggers the SQS, and I am randomly getting a 403 error on it. The function is working like a toggle (works, doesn't work).
importRole:
  Type: AWS::IAM::Role
  Properties:
    Path: /${self:custom.projectName}/${self:custom.serviceName}/importProduct/
    RoleName: ${self:service.name}-importProductRole-${self:custom.defaultStage}
    AssumeRolePolicyDocument:
      <<: *assumeRoleDoc
    Policies:
      - PolicyName: ${self:service.name}-importProductRole-${self:custom.defaultStage}-logs-policy
        PolicyDocument:
          <<: *logsPolicy
      - PolicyName: ${self:service.name}-importProductRole-${self:custom.defaultStage}-function-policy
        PolicyDocument:
          Version: '2012-10-17'
          Statement:
            - Effect: Allow
              Action:
                - dynamodb:GetItem
                - dynamodb:BatchWriteItem
              Resource: {Fn::GetAtt: [ProductsTable, Arn]}
            - Effect: Allow
              Action:
                - dynamodb:GetItem
                - dynamodb:BatchWriteItem
              Resource:
                - arn:aws:dynamodb:${self:custom.defaultRegion}:#{AWS::AccountId}:table/${self:provider.environment.XYZ_TABLE}
            - Effect: Allow
              Action:
                - s3:GetObject
                - s3:PutObject
                - s3:DeleteObject
              Resource:
                - arn:aws:s3:::${self:custom.dataBucketName}
                - arn:aws:s3:::${self:custom.dataBucketName}/temp/*
                - arn:aws:s3:::${self:custom.dataBucketName}/export/*
                - arn:aws:s3:::${self:custom.dataBucketName}/import/*
      - PolicyName: ${self:service.name}-crystal-${self:custom.defaultStage}-sqs-queues-policy
        PolicyDocument: &sqsPolicy
          Version: "2012-10-17"
          Statement:
            - Effect: Allow
              Action:
                - sqs:SendMessage
              Resource: arn:aws:sqs:${self:custom.defaultRegion}:#{AWS::AccountId}:${self:custom.projectName}-dispatcher-in-${self:custom.defaultStage}
This is the error:
2021-04-16T16:20:07.009Z 06a408b4-1edf-4f2e-a73a-2c4872e28d6e INFO Error:
{
  "message": "Error in Sending SQS messages",
  "event": {
    "message": "Access to the resource https://sqs.eu-central-1.amazonaws.com/ is denied.",
    "code": "AccessDenied",
    "time": "2021-04-16T16:20:06.990Z",
    "requestId": "7c70e329-69c1-58aa-b50f-bbdad2b7b038",
    "statusCode": 403,
    "retryable": false,
    "retryDelay": 76.44151151516239
  }
}