问题描述

目前我有问题，让我的员工连接到SQS。下面是日志：

Currently I'm having issues to allow my worker to connect to SQS. Here is the log:

2014-07-21T21:37:26Z error: AWS::SQS::Errors::AccessDenied: Access to the resource https://sqs.eu-west-1.amazonaws.com/343152361204/dev-compose-request is denied.

DEV-撰写请求是队列的名称。

我的（上午）的能够发布消息，从我的其他ElasticBeanStalk Web应用程序（服务器层）到这个队列中。

I am able to post messages from my other ElasticBeanStalk WebApp (server-tier) into this Queue.

我的工人层是一个安全组，它允许任何出站连接。

My Worker Tier is in a security-group which allows any outbound connection.

推荐答案

听起来类似于：AWS魔豆，工人无法启动SQS守护AWS-sqsd

http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/AWSHowTo.iam.roles.aeb.html#AWSHowTo.iam.policies.actions.worker

您可以确保与环境有关的IAM实例配置文件（可能被命名为AWS-elasticbeanstalk-EC2-作用，但可以被命名为别的东西也一样）在上面的链接中列出的所有权限？（复制以下供参考）

Can you make sure the IAM Instance profile associated with your environment (may be named aws-elasticbeanstalk-ec2-role but could be named something else as well) has all permissions listed in the link above?(Copied below for reference)

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "QueueAccess",
      "Action": [
        "sqs:ChangeMessageVisibility",
        "sqs:DeleteMessage",
        "sqs:ReceiveMessage"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Sid": "MetricsAccess",
      "Action": [
        "cloudwatch:PutMetricData"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}

这篇关于亚马逊ElasticBeanStalk工人层无法连接到SQS的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！