
Accessing Cross Account SQS Queue for Postgres Audits

Prerequisites

Ensure the following prerequisites are met:

  • Access to AWS account with EC2 instance where Privacera Manager is configured.
  • Access to AWS account where SQS Queue is configured.

Configuration

  1. Get the ARN of the IAM role attached to the EC2 instance that runs Privacera Manager. This role is the principal the queue policy will trust.

    1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

    2. In the navigation pane, choose Instances.

    3. Search for your instance and select it.

    4. On the Security tab, click the role name shown under IAM Role.

    5. Copy the ARN of the IAM Role.

  2. Get the ARN of the SQS queue in the account where it was created.

    1. Open the Amazon SQS console at https://console.aws.amazon.com/sqs/.

    2. From the left navigation pane, choose Queues. From the queue list, select the queue that you created.

    3. In the Details section, copy the ARN of the queue.

  3. Add an access policy to the queue in the SQS account that grants the EC2 instance role permission to consume messages.

    1. Open the Amazon SQS console at https://console.aws.amazon.com/sqs/.

    2. In the navigation pane, choose Queues.

    3. Choose a queue and choose Edit.

    4. Scroll to the Access policy section.

    5. Add the access policy statements in the input box, replacing ${EC2_INSTANCE_ROLE_ARN} and ${SQS_QUEUE_ARN} with the two ARNs you copied. The Principal names the instance role itself rather than the whole EC2 account, so no other identity in that account can read or delete audit messages, and the action list is limited to receiving and acknowledging messages. Because this is cross-account access, the queue policy alone is not enough: the instance role in the EC2 account must also have an identity policy that allows the same sqs: actions on this queue ARN.

      {
        "Version": "2012-10-17",
        "Id": "PolicyAllowSQS",
        "Statement": [
          {
            "Sid": "StmtAllowSQS",
            "Effect": "Allow",
            "Principal": {
              "AWS": "${EC2_INSTANCE_ROLE_ARN}"
            },
            "Action": [
              "sqs:DeleteMessage",
              "sqs:GetQueueUrl",
              "sqs:ListDeadLetterSourceQueues",
              "sqs:ReceiveMessage",
              "sqs:GetQueueAttributes"
            ],
            "Resource": "${SQS_QUEUE_ARN}"
          }
        ]
      }
      
    6. When you finish configuring the access policy, choose Save.

    7. After saving, copy the SQS queue URL in the Details section.
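The three console steps above can be done from a script as well. The following is an added example, not Privacera's code and not part of the original page: it builds the same queue policy from the two ARNs, checks before saving that the policy is pinned to exactly one role and one queue and grants no send or administrative actions, and applies it with boto3's set_queue_attributes (the API equivalent of Edit, Access policy, Save). The account IDs, role name and queue name are constructed placeholders; substitute the ARNs you copied.

```python
import json
import re

# Constructed placeholder ARNs for this example; replace with the ones copied from the consoles.
EC2_INSTANCE_ROLE_ARN = "arn:aws:iam::111111111111:role/privacera-manager-role"
SQS_QUEUE_ARN = "arn:aws:sqs:us-east-1:222222222222:postgres-audit-queue"

# Consumer-only action set from the page: enough to receive and acknowledge messages,
# nothing that lets the consumer send messages or reconfigure the queue.
CONSUMER_ACTIONS = [
    "sqs:DeleteMessage",
    "sqs:GetQueueUrl",
    "sqs:ListDeadLetterSourceQueues",
    "sqs:ReceiveMessage",
    "sqs:GetQueueAttributes",
]

# Actions a read-only audit consumer must never be granted on the queue.
WRITE_OR_ADMIN_ACTIONS = {
    "sqs:SendMessage", "sqs:SetQueueAttributes", "sqs:AddPermission",
    "sqs:RemovePermission", "sqs:DeleteQueue", "sqs:PurgeQueue", "sqs:*",
}

ROLE_ARN_RE = re.compile(r"^arn:aws:iam::(\d{12}):role/[\w+=,.@/-]+$")
QUEUE_ARN_RE = re.compile(r"^arn:aws:sqs:[a-z0-9-]+:(\d{12}):[\w.-]{1,80}$")


def account_id(arn, pattern):
    """Return the 12-digit account ID from an ARN, or raise if it is not the expected ARN shape."""
    match = pattern.match(arn)
    if not match:
        raise ValueError(f"malformed or wrong-type ARN: {arn}")
    return match.group(1)


def build_queue_policy(role_arn, queue_arn):
    """Build the page's queue access policy, pinned to one IAM role and one queue."""
    account_id(role_arn, ROLE_ARN_RE)    # rejects user, root or account-level principals
    account_id(queue_arn, QUEUE_ARN_RE)  # rejects queue URLs pasted in place of the ARN
    return {
        "Version": "2012-10-17",
        "Id": "PolicyAllowSQS",
        "Statement": [
            {
                "Sid": "StmtAllowSQS",
                "Effect": "Allow",
                "Principal": {"AWS": role_arn},
                "Action": list(CONSUMER_ACTIONS),
                "Resource": queue_arn,
            }
        ],
    }


def policy_is_scoped(policy, role_arn, queue_arn):
    """Pre-save check: every Allow statement names exactly this role and this queue
    and grants no wildcard, send or administrative action."""
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        # "*" or an account root principal would let any identity in that account consume audits.
        if not isinstance(principal, dict) or principal.get("AWS") != role_arn:
            return False
        actions = stmt.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        if any(a in WRITE_OR_ADMIN_ACTIONS or a.endswith("*") for a in actions):
            return False
        if stmt.get("Resource") != queue_arn:
            return False
    return True


def apply_queue_policy(queue_url, policy):
    """Apply the policy to the queue. Must run with credentials in the queue's account.
    Cross-account access also needs an identity policy on the instance role allowing
    the same actions; this call sets only the resource side."""
    import boto3  # imported here so the builder and checker run without boto3 installed
    sqs = boto3.client("sqs")
    sqs.set_queue_attributes(QueueUrl=queue_url, Attributes={"Policy": json.dumps(policy)})


if __name__ == "__main__":
    policy = build_queue_policy(EC2_INSTANCE_ROLE_ARN, SQS_QUEUE_ARN)
    if not policy_is_scoped(policy, EC2_INSTANCE_ROLE_ARN, SQS_QUEUE_ARN):
        raise SystemExit("refusing to apply an over-broad queue policy")
    print(json.dumps(policy, indent=2))
```

Run it with the two real ARNs to print the policy you would paste into the console, or call apply_queue_policy with the queue URL from step 7 to set it directly. The check function is the part worth keeping in any automation: a queue policy with Principal "*" or an account root ARN passes console validation but opens the audit queue to every identity in that account.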