unable create a sqs policy and not able to publish messages to sqs #4468

Closed
cloudeng opened this issue Dec 30, 2015 · 6 comments

@cloudeng

Using Terraform v0.6.8

provider "aws" {
    access_key = "${var.access_key}"
    secret_key = "${var.secret_key}"
    region = "${var.aws_region}"
}

resource "aws_sns_topic" "test_topic" {
  name = "${var.sns_name}" 
}

resource "aws_sqs_queue" "test-email-events" {
    name                       = "${var.sqs_name}"
    depends_on                 = ["aws_sns_topic.test_topic"]
    visibility_timeout_seconds = "${var.visibility_timeout}"
    message_retention_seconds  = "${var.retentiontimes}"
    max_message_size           = "${var.messagesize}"
    delay_seconds              = "${var.delay}"
    receive_wait_time_seconds  = "${var.waittime}"
    policy = <<EOF
  {
  "Id": "sqspolicy",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1451501026839",
      "Action": [
        "sqs:SendMessage"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:sqs:${var.aws_region}:${var.account_number}:${var.sqs_name}",
      "Condition": {
        "ArnEquals": {
          "aws:SourceArn": "arn:aws:sns:${var.aws_region}:${var.account_number}:${var.sns_name}"
        }
      },
      "Principal": "*"
    }
  ]
}
EOF
}

resource "aws_sns_topic_subscription" "test_queue_target" {
    topic_arn = "${aws_sns_topic.test_topic.arn}"
    protocol  = "sqs"
    endpoint  = "${aws_sqs_queue.test-email-events.arn}"
}

cloudeng changed the title from "unable create a sqs policy and not able to public messages to sqs" to "unable create a sqs policy and not able to publish messages to sqs" Dec 30, 2015

@cloudeng
Author

cloudeng commented Jan 4, 2016

Hi @jen20, when you try to run this template it will not show any error. It ran successfully, but when you look at the AWS console there will not be any policy under SQS.

@jen20
Contributor

jen20 commented Jan 4, 2016

@cloudeng Thanks for the follow up information. We'll try to reproduce and fix whatever is causing this.

@cloudeng
Author

cloudeng commented Jan 8, 2016

Hi @jen20, any update? Are you able to reproduce the above issue?

@catsby
Contributor

catsby commented Mar 29, 2016

Hey all – I ran the above config (changed a bit, to populate the variables) and had no problem creating an sqs_queue using Terraform version v0.6.14. Since this issue is from January and an older version, I'm going to consider this closed.

Sorry for the delay, and thanks for writing in!

catsby closed this as completed Mar 29, 2016

@catsby
Contributor

catsby commented Mar 29, 2016

Also, I should mention that the policy structure is relevant here; it should be in this format and order:

{
  "Version": "2012-10-17",
  "Id": "sqspolicy",
  "Statement": [
    {
      "Sid": "Stmt1451501026839",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "sqs:SendMessage",
      "Resource": "arn:aws:sqs:${var.aws_region}:${var.account_number}:${var.sqs_name}",
      "Condition": {
        "ArnEquals": {
          "aws:SourceArn": "arn:aws:sns:${var.aws_region}:${var.account_number}:${var.sns_name}"
        }
      }
    }
  ]
}

Noticeable changes:

  • ordering of fields
  • because you only have a single Action, AWS will reformat your list into just a string
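
The reply above says that field order and the list-versus-string form of Action matter. The following is an added example, not part of the thread and not Terraform's or AWS's own code: it rewrites a policy document into the order shown in that reply, collapses one-item lists, compares the result with the policy read back from the queue, and flags an Allow with Principal "*" that has no aws:SourceArn condition. The ARNs, the Sid and all function names are constructed for illustration.

```python
import json

# Field order as given in the reply above (document level, then statement level).
DOC_ORDER = ["Version", "Id", "Statement"]
STMT_ORDER = ["Sid", "Effect", "Principal", "Action", "Resource", "Condition"]

def _ordered(obj, order):
    """Keys in the given order; any other keys follow alphabetically."""
    return {k: obj[k] for k in order + sorted(set(obj) - set(order)) if k in obj}

def _collapse(value):
    """One-element list -> bare string; longer lists are sorted."""
    if isinstance(value, list):
        return value[0] if len(value) == 1 else sorted(value)
    return value

def normalize(policy_json):
    """Canonical text of a policy, suitable for pasting into the heredoc."""
    doc = json.loads(policy_json)
    stmts = doc.get("Statement", [])
    stmts = [stmts] if isinstance(stmts, dict) else stmts
    doc["Statement"] = [
        _ordered({k: _collapse(v) if k in ("Action", "Resource") else v
                  for k, v in s.items()}, STMT_ORDER) for s in stmts]
    return json.dumps(_ordered(doc, DOC_ORDER), indent=2)

def same_policy(configured, live):
    """False when the queue has no policy or the two documents differ."""
    return bool(live) and json.loads(normalize(configured)) == json.loads(normalize(live))

def open_statements(policy_json):
    """Sids of Allow statements with Principal "*" and no aws:SourceArn condition."""
    bad = []
    for s in json.loads(normalize(policy_json))["Statement"]:
        scoped = "aws:sourcearn" in json.dumps(s.get("Condition", {})).lower()
        if s.get("Effect") == "Allow" and s.get("Principal") in ("*", {"AWS": "*"}) and not scoped:
            bad.append(s.get("Sid", "<no Sid>"))
    return bad

# Constructed sample values: region, account id and names are placeholders.
SRC = {"ArnEquals": {"aws:SourceArn": "arn:aws:sns:us-east-1:123456789012:example-topic"}}
QUEUE = "arn:aws:sqs:us-east-1:123456789012:example-queue"
# CONFIGURED uses the issue's field order and list Action; LIVE uses the reply's form.
CONFIGURED = json.dumps({"Id": "sqspolicy", "Version": "2012-10-17", "Statement": [
    {"Sid": "Stmt1", "Action": ["sqs:SendMessage"], "Effect": "Allow",
     "Resource": QUEUE, "Condition": SRC, "Principal": "*"}]})
LIVE = json.dumps({"Version": "2012-10-17", "Id": "sqspolicy", "Statement": [
    {"Sid": "Stmt1", "Effect": "Allow", "Principal": "*", "Action": "sqs:SendMessage",
     "Resource": QUEUE, "Condition": SRC}]})
if __name__ == "__main__":
    print(same_policy(CONFIGURED, LIVE), open_statements(LIVE))
```

An empty string passed as the live policy models the case reported in this issue, where the apply succeeds but the console shows no policy on the queue.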

@ghost

ghost commented Apr 27, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

ghost locked and limited conversation to collaborators Apr 27, 2020