SQS access to topic in another AWS account from my lambda

Hello, I haven’t been able to find the answer to this question but please let me know if I have missed it.

My scenario is I have my lambda in account 0001 and I need to read messages from an SQS queue in AWS account 0002.
The role “interestingrole” is created in account 0001 via Terraform and I would prefer to keep it that way. The SQS queue in account 0002 has a trust relationship set up for interestingrole in account 0001.
The policy looks like this
"Version": "2012-10-17",
"Statement": [
"Sid": "AllowMyRequest",
"Effect": "Allow",
"Action": [
"Resource": "arn:aws:sqs:us-east-1:0002:interesting-queue"

In account 0002 a trust relationship has been set up with the role created in account 0001 (same as where the lambda runs). I don’t control account 0002.

If I create a queue with the same name in my serverless.yml and set the resource to 0001 instead of 0002, it deploys just fine and also works to read messages from that queue, but if I use account 0002 I get the deployment error "An error occurred: EventHandlerEventSourceMappingSQSCinterestingqueue - Invalid request provided: The provided execution role does not have permissions to call ReceiveMessage on SQS (Service: Lambda, Status Code: 400"

Do I need to set up AssumeRole in my serverless.yml or refer to the role I have created “interestingrole” in some other way? I couldn’t find an example for this particular case where my role is in the account I control and execute the lambda (0001) but the resource I want to access is in a different account.

I don’t have iAmRoleStatement configured for the queue currently.


handler: src/lambda.handler
- sqs: "arn:aws:sqs:us-east-1:0002:interesting-queue"

Thank you!
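
Added example, not part of the original post: a small offline check of the two policy documents involved in this setup. It assumes the general IAM rule that cross-account access needs an Allow both in the role's identity policy (account 0001) and in the queue's resource policy (account 0002), and that a Lambda SQS event source mapping calls ReceiveMessage, DeleteMessage and GetQueueAttributes. The policy contents and function names are constructed for illustration; Deny, NotAction and Condition are ignored.

```python
import fnmatch

# Actions Lambda's SQS poller performs with the function's execution role.
REQUIRED = ("sqs:ReceiveMessage", "sqs:DeleteMessage", "sqs:GetQueueAttributes")

# Constructed sample documents; "0001"/"0002" are the post's placeholder account IDs.
ROLE_ARN = "arn:aws:iam::0001:role/interestingrole"
QUEUE_ARN = "arn:aws:sqs:us-east-1:0002:interesting-queue"
ROLE_POLICY = {"Statement": [{"Effect": "Allow", "Resource": QUEUE_ARN,
    "Action": ["sqs:ReceiveMessage", "sqs:DeleteMessage"]}]}
QUEUE_POLICY = {"Statement": [{"Effect": "Allow", "Resource": QUEUE_ARN,
    "Principal": {"AWS": ROLE_ARN},
    "Action": ["sqs:ReceiveMessage", "sqs:GetQueueAttributes"]}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _principal_ok(principal, role_arn):
    # Accept "*", the role ARN itself, or the role's account (bare ID or :root ARN).
    if not isinstance(principal, dict):
        return principal == "*"
    account = role_arn.split(":")[4]
    accepted = {"*", role_arn, account, f"arn:aws:iam::{account}:root"}
    return any(p in accepted for p in _as_list(principal.get("AWS", [])))

def allowed(policy, action, resource, principal=None):
    # True if an Allow statement covers the request (simplified evaluation).
    for st in _as_list(policy.get("Statement", [])):
        acts = [a.lower() for a in _as_list(st.get("Action", []))]
        hit = (st.get("Effect") == "Allow"
               and any(fnmatch.fnmatchcase(action.lower(), a) for a in acts)
               and any(fnmatch.fnmatchcase(resource, r)
                       for r in _as_list(st.get("Resource", [])))
               and (principal is None
                    or _principal_ok(st.get("Principal"), principal)))
        if hit:
            return True
    return False

def missing(role_policy, queue_policy, role_arn=ROLE_ARN, queue_arn=QUEUE_ARN):
    # Map each required action to the side(s) that fail to allow it.
    gaps = {}
    for action in REQUIRED:
        sides = [name for name, ok in (
            ("role policy", allowed(role_policy, action, queue_arn)),
            ("queue policy", allowed(queue_policy, action, queue_arn, role_arn)),
        ) if not ok]
        if sides:
            gaps[action] = sides
    return gaps

print(missing(ROLE_POLICY, QUEUE_POLICY))
```

An empty result means both documents allow all three actions for the role on the queue; any entry names the side whose policy needs the action added.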