Privacera Documentation

Access cross-account SQS queue for PostgreSQL audits on PrivaceraCloud

Prerequisites

Ensure the following prerequisites are met:

  • Access to the AWS account with the EC2 instance where Privacera Manager is configured.

  • Access to the AWS account where the SQS queue is configured.

Procedure
  1. Get the ARN of the account where the SQS Queue instance is configured.

    1. Open the Amazon SQS console.

    2. From the left navigation pane, choose Queues. From the queue list, select the queue that you created.

    3. In the Details section, copy the ARN of the queue.

  2. Add the policy in the AWS SQS account to grant permissions to the AWS EC2 account.

    1. Open the Amazon SQS console.

    2. In the navigation pane, choose Queues.

    3. Choose a queue and choose Edit.

    4. Scroll to the Access policy section.

    5. Add the access policy statements in the input box.

    6. In this JSON, change the string -core-services-eks-node-group-xxxxxxx to the ARN you obtained in the previous step.

      {
          "Version":"2012-10-17",
          "Id":"PolicyAllowSQS",
          "Statement":[
              {
                  "Sid":"StmtAllowSQS",
                  "Effect":"Allow",
                  "Principal":{
                      "AWS":"${ROLE_ARN_non-core-services-eks-node-group-xxxxxxx}"
                  },
                  "Action":[
                      "sqs:DeleteMessage",
                      "sqs:GetQueueUrl",
                      "sqs:ListDeadLetterSourceQueues",
                      "sqs:ReceiveMessage",
                      "sqs:GetQueueAttributes"
                  ],
                  "Resource":"${SQS_QUEUE_ARN}"
              }
          ]
      }
    7. Click Save.
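
The following check is an added example, not part of the Privacera documentation: it lints the access policy above before it is pasted into the console, flagging unreplaced `${...}` placeholders, a principal that is not a single IAM role ARN, actions beyond the five listed on this page, and a resource that is not one queue ARN. The function names, regular expressions, account IDs and ARNs in the sample are assumptions constructed for illustration.

```python
import json
import re

# Consumer-side actions granted by the policy on this page.
PAGE_ACTIONS = {
    "sqs:DeleteMessage", "sqs:GetQueueUrl", "sqs:ListDeadLetterSourceQueues",
    "sqs:ReceiveMessage", "sqs:GetQueueAttributes",
}
ROLE_ARN = re.compile(r"^arn:aws[\w-]*:iam::\d{12}:role/[\w+=,.@/-]+$")
QUEUE_ARN = re.compile(r"^arn:aws[\w-]*:sqs:[a-z0-9-]+:\d{12}:[\w-]{1,80}(\.fifo)?$")


def as_list(value):
    """Policy fields may hold a single string or a list of strings."""
    return value if isinstance(value, list) else [value]


def lint_queue_policy(policy_text):
    """Return findings for an SQS access policy; an empty list means clean."""
    findings = []
    if "${" in policy_text:
        findings.append("unreplaced ${...} placeholder")
    for stmt in as_list(json.loads(policy_text).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        principal = stmt.get("Principal", {})
        # "Principal": "*" is a bare string; otherwise read the "AWS" key.
        aws = principal.get("AWS", []) if isinstance(principal, dict) else principal
        for arn in as_list(aws) or ["<none>"]:
            if not ROLE_ARN.match(arn):
                findings.append(f"{sid}: principal {arn!r} is not an IAM role ARN")
        extra = set(as_list(stmt.get("Action", []))) - PAGE_ACTIONS
        if extra:
            findings.append(f"{sid}: actions beyond the page's list: {sorted(extra)}")
        for res in as_list(stmt.get("Resource", [])):
            if not QUEUE_ARN.match(res):
                findings.append(f"{sid}: resource {res!r} is not a single queue ARN")
    return findings


# Constructed sample: ARNs and account IDs are placeholders, not from the page.
SAMPLE = json.dumps({"Version": "2012-10-17", "Id": "PolicyAllowSQS", "Statement": [{
    "Sid": "StmtAllowSQS", "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:role/example-node-role"},
    "Action": sorted(PAGE_ACTIONS),
    "Resource": "arn:aws:sqs:us-east-1:444455556666:example-audit-queue"}]})

if __name__ == "__main__":
    print(lint_queue_policy(SAMPLE) or "policy is clean")
```

An empty result means the policy grants only the page's five actions on one queue to one role; any finding should be resolved before clicking Save.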