I am trying to set SQS access policy where everyone expect me in the organization can not access the SQS. Below is the policy I am trying to set
"Statement":
{
"Sid": "DenyEveryone",
"Effect": "Deny",
"Principal": "*",
"Action": "SQS:*",
"Resource": "arn:aws:sqs:us-east-1:{accountnumber}:name-of-sqs",
"Condition": {
"StringNotEquals": {
"aws:arn": "arn:aws:sts::{accountnumber}:assumed-role/{Developer_AWS_Role}/{my_employee_id}"
}
}
}
When I try and do this, I get following error
Failed to save changes to the policy document. Reason: com.amazonaws.services.sqs.model.AmazonSQSException:
Value aws:arn for parameter Condition is invalid.
Reason: Conditions must be from Global context key list
https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html.
(Service: AmazonSQS; Status Code: 400; Error Code: InvalidParameterValue; Request ID: {request_id})
Does anyone have an idea why am I not able to do this? Thanks