Tutorial: Grant the SP-API Permission to an Amazon SQS Queue

To receive notifications from the Selling Partner API (SP-API) through Amazon Simple Queue Service (Amazon SQS), you must grant the SP-API permission to write to your Amazon SQS queue.

This tutorial covers how to accomplish this task in two ways: by using an AWS CloudFormation template or manually by using the Amazon SQS console.

Tutorial: Grant the SP-API Permission to an Amazon SQS queue by using an AWS CloudFormation template

The following tutorial shows how to grant permission to your Amazon SQS queue by using an AWS CloudFormation template. The AWS CloudFormation template automatically creates and configures the Amazon SQS queue.

Step 1. Copy the AWS CloudFormation template

Copy the following YAML code to a file.

AWSTemplateFormatVersion: 2010-09-09
Description: >-
  AWS CloudFormation Template to create a new SQS queue used to receive notifications from Notifications API.
Parameters:
  DestinationQueueName:
    Type: String
    Description: The name of the SQS queue to be created.
Resources:
  DestinationQueue:
    Type: 'AWS::SQS::Queue'
    Properties:
      QueueName: !Ref DestinationQueueName
  DestinationQueuePolicy:
    Type: 'AWS::SQS::QueuePolicy'
    Properties:
      Queues:
        - !Ref DestinationQueue
      PolicyDocument:
        Version: 2012-10-17
        Statement:
          - Sid: AllowSPAPIAccess
            Effect: Allow
            Principal:
              AWS: '437568002678'
            Action:
              - 'sqs:GetQueueAttributes'
              - 'sqs:SendMessage'
            Resource: !GetAtt
              - DestinationQueue
              - Arn

Step 2. Sign in to the AWS CloudFormation console

Sign in to the AWS CloudFormation console.

Step 3. Specify an AWS CloudFormation template

To specify an AWS CloudFormation template, take the following steps:

1. In the AWS CloudFormation console, choose Create stack, and then select With new resources (standard).

2. On the Create stack page, under Specify template, select Upload a template file, and then choose the template that you copied at the beginning of this procedure.

3. Choose Next.

Step 4. Enter a name for the stack

For Provide a stack name, enter a name for the stack to create based on the AWS CloudFormation template that you uploaded.

Step 5. Enter a name for the destination Amazon SQS queue

For DestinationQueueName, enter a name for the Amazon SQS queue, and then choose Next.

Step 6. Configure stack options

To configure stack options, take the following steps:

1. On the Configure stack options page, keep the default settings, and then choose Next.

2. Review the configuration, and then choose Submit.

3. Wait until the stack is created successfully.

   The stack is created successfully when, on the Stacks detail page, the status of the stack is CREATE_COMPLETE.

Step 7. Get the ARN of the Amazon SQS queue

Take the following steps to get the Amazon Resource Name (ARN) of the Amazon SQS queue that you created.

1. Go to the Amazon SQS console.

   You should see your new queue in the list.

2. Choose the queue.

3. Under ARN, copy the Amazon Resource Name (ARN) for the queue.

   In Step 2 of Tutorial: Set up notifications (Amazon Simple Queue Service workflow), you pass the ARN to the createDestination operation by using the arn parameter.

Tutorial: Grant the SP-API Permission to an Amazon SQS queue by using the Amazon SQS console

The following tutorial shows how to grant permission to your Amazon SQS queue by manually configuring permissions in the Amazon SQS console.

Step 1. Sign in to the Amazon SQS console

Sign in to the Amazon SQS console.

Step 2. Select the Amazon SQS queue

Select the standard queue where you want to receive notifications.

Step 3. Open the policy editing page

To set permissions, take the following steps:

1. Choose the Queue Policies tab.

2. From the Access policy (Permissions) section, choose Edit.

   The Edit Queue page opens.

Step 4. Edit the queue policy

To edit the policy, take the following steps:

1. Scroll down to Access policy section, and then select the Policy generator link.

   The AWS Policy Generator opens in a new tab.

2. In Step 1 of the policy generator, select SQS Queue Policy.

3. In Step 2 of the policy generator, choose the following values, and then select Add Statement:

   • Set Effect to Allow.
   • Set Principal to 437568002678.
   • Set Actions to SendMessage and GetQueueAttributes.
   • Enter the SQS ARN value in Amazon Resource Name (ARN).
   • Choose Add Statement and verify the details.

4. In Step 3 of the policy generator, choose Generate Policy.

   A dialog box with the new policy opens.

Step 5. Copy and paste the policy

Take the following steps:

1. From the Policy JSON Document dialog box, copy the policy, and then choose Close.

2. In your browser, navigate back to the Amazon SQS queue, open the Access policy tab, and then paste the policy into the Access Policy (Permissions) section.

3. Choose Save.

Step 6. Note the ARN

Reference the queue's Details section and note the ARN for this queue. You will pass this value using the arn parameter when you call the createDestination operation in Step 2. Create a destination.

Step 7. Get the ARN of the Amazon SQS queue

In the queue details page, under ARN, copy the Amazon Resource Name (ARN) for the queue.

In Step 2 of Tutorial: Set up notifications (Amazon Simple Queue Service workflow), you pass the ARN to the createDestination operation by using the arn parameter.

Conclusion

In these tutorials, you learned how to grant the SP-API permission to your Amazon SQS queue in two ways: by using an AWS CloudFormation template or by using the Amazon SQS console. After you grant permissions, refer to Tutorial: Set up notifications (Amazon Simple Queue Service workflow) to learn how to call the Selling Partner API to send notifications to your queue.