Tutorial: Grant the SP-API Permission to an Amazon SQS Queue
Learn how to grant permission to an Amazon SQS queue so that the Selling Partner API can publish notifications to your queue.
To receive notifications from the Selling Partner API (SP-API) through Amazon Simple Queue Service (Amazon SQS), you must grant the SP-API permission to write to your Amazon SQS queue.
This tutorial covers how to accomplish this task in two ways: by using an AWS CloudFormation template or manually by using the Amazon SQS console.
Tutorial: Grant the SP-API Permission to an Amazon SQS queue by using an AWS CloudFormation template
The following tutorial shows how to grant permission to your Amazon SQS queue by using an AWS CloudFormation template. The AWS CloudFormation template automatically creates and configures the Amazon SQS queue.
Step 1. Copy the AWS CloudFormation template
Copy the following YAML code to a file.
AWSTemplateFormatVersion: 2010-09-09
Description: >-
AWS CloudFormation Template to create a new SQS queue used to receive notifications from Notifications API.
Parameters:
DestinationQueueName:
Type: String
Description: The name of the SQS queue to be created.
Resources:
DestinationQueue:
Type: 'AWS::SQS::Queue'
Properties:
QueueName: !Ref DestinationQueueName
DestinationQueuePolicy:
Type: 'AWS::SQS::QueuePolicy'
Properties:
Queues:
- !Ref DestinationQueue
PolicyDocument:
Version: 2012-10-17
Statement:
- Sid: AllowSPAPIAccess
Effect: Allow
Principal:
AWS: '437568002678'
Action:
- 'sqs:GetQueueAttributes'
- 'sqs:SendMessage'
Resource: !GetAtt
- DestinationQueue
- Arn
Step 2. Sign in to the AWS CloudFormation console
Sign in to the AWS CloudFormation console.
Step 3. Specify an AWS CloudFormation template
To specify an AWS CloudFormation template, take the following steps:
-
In the AWS CloudFormation console, choose Create stack, and then select With new resources (standard).
-
On the Create stack page, under Specify template, select Upload a template file, and then choose the template that you copied at the beginning of this procedure.
-
Choose Next.
Step 4. Enter a name for the stack
For Provide a stack name, enter a name for the stack to create based on the AWS CloudFormation template that you uploaded.
Step 5. Enter a name for the destination Amazon SQS queue
For DestinationQueueName, enter a name for the Amazon SQS queue, and then choose Next.
Step 6. Configure stack options
To configure stack options, take the following steps:
-
On the Configure stack options page, keep the default settings, and then choose Next.
-
Review the configuration, and then choose Submit.
-
Wait until the stack is created successfully.
The stack is created successfully when, on the Stacks detail page, the status of the stack is CREATE_COMPLETE.
Step 7. Get the ARN of the Amazon SQS queue
Take the following steps to get the Amazon Resource Name (ARN) of the Amazon SQS queue that you created.
-
Go to the Amazon SQS console.
You should see your new queue in the list.
-
Choose the queue.
-
Under ARN, copy the Amazon Resource Name (ARN) for the queue.
In Step 2 of Tutorial: Set up notifications (Amazon Simple Queue Service workflow), you pass the ARN to the
createDestination
operation by using thearn
parameter.
Tutorial: Grant the SP-API Permission to an Amazon SQS queue by using the Amazon SQS console
The following tutorial shows how to grant permission to your Amazon SQS queue by manually configuring permissions in the Amazon SQS console.
Step 1. Sign in to the Amazon SQS console
Sign in to the Amazon SQS console.
Step 2. Select the Amazon SQS queue
Select the standard queue where you want to receive notifications.
Step 3. Open the policy editing page
To set permissions, take the following steps:
-
Choose the Queue Policies tab.
-
From the Access policy (Permissions) section, choose Edit.
The Edit Queue page opens.
Step 4. Edit the queue policy
To edit the policy, take the following steps:
-
Scroll down to Access policy section, and then select the Policy generator link.
The AWS Policy Generator opens in a new tab.
-
In Step 1 of the policy generator, select SQS Queue Policy.
-
In Step 2 of the policy generator, choose the following values, and then select Add Statement:
- Set Effect to Allow.
- Set Principal to
437568002678
. - Set Actions to
SendMessage
andGetQueueAttributes
. - Enter the SQS ARN value in Amazon Resource Name (ARN).
- Choose Add Statement and verify the details.
-
In Step 3 of the policy generator, choose Generate Policy.
A dialog box with the new policy opens.
Step 5. Copy and paste the policy
Take the following steps:
-
From the Policy JSON Document dialog box, copy the policy, and then choose Close.
-
In your browser, navigate back to the Amazon SQS queue, open the Access policy tab, and then paste the policy into the Access Policy (Permissions) section.
-
Choose Save.
Step 6. Note the ARN
Reference the queue's Details section and note the ARN for this queue. You will pass this value using the arn
parameter when you call the createDestination
operation in Step 2. Create a destination.
Step 7. Get the ARN of the Amazon SQS queue
In the queue details page, under ARN, copy the Amazon Resource Name (ARN) for the queue.
In Step 2 of Tutorial: Set up notifications (Amazon Simple Queue Service workflow), you pass the ARN to the createDestination
operation by using the arn
parameter.
Conclusion
In these tutorials, you learned how to grant the SP-API permission to your Amazon SQS queue in two ways: by using an AWS CloudFormation template or by using the Amazon SQS console. After you grant permissions, refer to Tutorial: Set up notifications (Amazon Simple Queue Service workflow) to learn how to call the Selling Partner API to send notifications to your queue.
Updated about 17 hours ago