How should a solutions architect provide access to the SQS queue?

By:
In: SAA-C02
Tagged:
With: 1 Comment
A development team is collaborating with another company to create an integrated product.The other company needs to access an Amazon Simple QueueService (Amazon SQS) queue that is contained in the development team’s account.The other company wants to poll the queue without giving up its own account permissions to do so.

How should a solutions architect provide access to the SQS queue?

Create an instance profile that provides the other company access to the SQS queue.

Create an IAM policy that provides the other company access to the SQS queue.

Create an SQS access policy that provides the other company access to the SQS queue.

Create an Amazon Simple Notification Service (Amazon SNS) access policy that provides the other company access to the SQS queue.

Explanations:

An instance profile is used to grant permissions to EC2 instances. It cannot directly provide access to SQS queues for users or external accounts.

An IAM policy alone cannot grant access to resources in another account without the resource policy explicitly allowing it. This would require further configuration on the SQS side.

An SQS access policy can be attached to the SQS queue to explicitly allow access from the other company’s AWS account. This enables the other company to poll the queue while keeping its own permissions intact.

An SNS access policy is not relevant here, as SNS and SQS are different services. Access to the SQS queue specifically needs to be managed through the SQS access policy.

2025-10-19

1 Comment

  1. Stephen
    Author

    I judge that the answer is:
    Create an SQS access policy that provides the other company access to the SQS queue.

Leave a Reply

Your email address will not be published. Required fields are marked *

five − 2 =