Connecting to Amazon SQS using boto

5
votes

I am trying to connect to a Amazon SQS via the python boto library.

import boto3
sqs= boto3.resource('sqs')
for queue in sqs.queues.all():
    print(queue.url)

I have stored my credentials on the ~/.aws/credentials file 

[default]
aws_access_key_id=XXX
aws_secret_access_key=YYY
region=us-west-2

But when I execute the code I get an error

botocore.exceptions.ClientError: An error occurred (AccessDenied) when calling the ListQueues operation: Access to the resource https://us-west-2.queue.amazonaws.com/ is denied.

I tried connecting directly to the queue. LCqueue = sqs.get_queue_by_name(QueueName='myQueue')

But then it tells me there is no such queue. Even though I can see it on the AWS management console. Any ideas ?

I also get an error on my IAS managment console. where I cant list any users.

enter image description here enter image description here

4
pythonamazon-web-servicesamazon-sqsboto3

4 Answers

11
votes

Are you sure your user have SQS permission granted ?

Go to IAM services, select your user (the one you use from your CLI) and check the group/permission attached to your user.

If you don't have, you can search for SQS in the "Search IAM" box (top left)

enter image description here

Select "Attach entities to AmazonSQSReadOnlyAccess (or AmazonSQSFullAccess)" and attach the pre-defined policy on your user

4
votes

While the other answers also have their usefulness, my problem ended up just being that I needed to explicitly pass aws_access_key_id and aws_secret_access_key arguments to the boto3.client() call. (Having the [default] configuration in ~/.aws/credentials wasn't sufficient.)

import boto3
from django.conf import settings

sqs = boto3.client('sqs',
                   region_name=settings.AWS_DEFAULT_REGION,
                   aws_access_key_id=settings.AWS_ACCESS_KEY_ID,
                   aws_secret_access_key=settings.AWS_SECRET_ACCESS_KEY)

While I'm pulling from settings for these values, the values that are in settings are ultimately being pulled from env variables, i.e. don't just save your AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY to your settings file and commit to Git. They're sensitive data and you'd also want to be able to update them on the fly, rather than recommitting, etc.

2
votes

I know this is old, but if someone gets to SO first: this could be because of the region you're trying to connect to.

I could access SQS in us-east-1 via aws web console, however trying to retrieve the messages from the queue in us-east-1 resulted in Access Denied from a python client.

Thankfully, from the github discussion: https://github.com/aws/aws-sdk-php/issues/188#issuecomment-258880267, I tried changing the region to the one where I was supposed to have permissions and I was able to receive messages from the queue created in that region.

0
votes

I ended up using the previous version of Boto (2)