Amazon SQS Policy Generator

Generate SQS queue policies from AWS Policy Generator action metadata and export JSON, Terraform, or CloudFormation snippets.

Step 1

Configure queue defaults

Set the region and account ID used when generating sample SQS queue ARNs.

Step 2

Choose SQS actions

The action list is scoped to AWS Policy Generator's SQS Queue Policy actions.

Step 3

Configure queue policy statements

Build SQS queue policies from AWS action metadata

This generator uses AWS Policy Generator's SQS Queue Policy action list and enriches it with Amazon SQS Service Authorization Reference metadata so you can build queue policies with actions, principals, resources, and condition keys in one place.

How to use the SQS policy generator

  1. Configure the region and account ID used for generated sample queue ARNs.
  2. Search for one of the SQS Queue Policy actions exposed by AWS Policy Generator.
  3. Configure effect, queue resources, principals, and supported condition keys.
  4. Copy the generated JSON, Terraform, or CloudFormation queue policy.

SQS queue policies are resource policies

SQS queue policies include a Principal element because the policy lives on the queue and defines who can send, receive, delete, purge, tag, or manage messages and queue settings at the queue boundary.

Need a different policy type? Switch to the IAM policy generator, S3 bucket policy generator, SNS topic policy generator, or VPC endpoint policy generator.

Frequently asked questions

Should I use an SQS queue policy or an IAM identity policy?

Use an IAM identity policy to grant permissions to users, roles, or applications in your account. Use an SQS queue policy when the permission must live on the queue itself, especially for cross-account producers, SNS subscriptions, EventBridge integrations, or resource-level guardrails.

Why does an SQS queue policy need a Principal?

SQS queue policies are resource policies. The Principal element identifies who the statement applies to, such as an AWS account, IAM role ARN, AWS service principal, federated principal, or wildcard.

Can SQS queue policies use service principals?

Yes. Service principals are useful when another AWS service needs to send messages to the queue. The generator reuses the generated AWS service principal dataset so you can search for entries such as sns.amazonaws.com or events.amazonaws.com.

Which condition should I use for SNS to SQS access?

For SNS topic subscriptions, combine a service principal such as sns.amazonaws.com with an aws:SourceArn condition that points at the publishing topic. That keeps the queue policy from allowing every SNS topic to send messages.

Can I use wildcard resources in an SQS queue policy?

You can use *, but queue policies are usually safer when scoped to one or more explicit queue ARNs. The wildcard option is useful for drafts or broad administrative statements, but production policies should normally target specific queues.
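The two answers above (SNS to SQS access and wildcard resources) can be checked mechanically before a policy is applied. The linter below is an added example, not part of the generator's own code; the sample policy, account ID, ARNs, and function names are constructed for illustration.

```python
# Constructed sample policy: the account ID, region, queue and topic names are placeholders.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AnyTopicCanSend", "Effect": "Allow", "Action": "sqs:SendMessage",
         "Principal": {"Service": "sns.amazonaws.com"}, "Resource": "*"},
        {"Sid": "OneTopicCanSend", "Effect": "Allow", "Action": "sqs:SendMessage",
         "Principal": {"Service": "sns.amazonaws.com"},
         "Resource": "arn:aws:sqs:eu-west-1:111122223333:orders",
         "Condition": {"ArnEquals": {"aws:SourceArn":
             "arn:aws:sns:eu-west-1:111122223333:order-events"}}},
    ],
}


def as_list(value):
    """Policy fields may hold one string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def has_source_arn(statement):
    """True if any condition operator tests aws:SourceArn (key names are case-insensitive)."""
    for keys in statement.get("Condition", {}).values():
        if any(key.lower() == "aws:sourcearn" for key in keys):
            return True
    return False


def lint_queue_policy(policy):
    """Return (Sid, finding) pairs for Allow statements that are broader than they need to be."""
    findings = []
    for stmt in as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        principal = stmt.get("Principal")
        services = as_list(principal.get("Service")) if isinstance(principal, dict) else []
        if services and not has_source_arn(stmt):
            findings.append((sid, "service principal without aws:SourceArn"))
        if "*" in as_list(stmt.get("Resource")):
            findings.append((sid, "wildcard Resource"))
    return findings


if __name__ == "__main__":
    for sid, finding in lint_queue_policy(SAMPLE_POLICY):
        print(f"{sid}: {finding}")
```

Only the first statement is reported; the second passes because it names one queue and pins the sender to one topic ARN.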

Can I use the generated output in Terraform or CloudFormation?

Yes. The JSON output is a standard SQS queue policy document, the Terraform output includes an aws_iam_policy_document data source with aws_sqs_queue_policy, and the CloudFormation output creates an AWS::SQS::QueuePolicy snippet.

Next step

Want AWS engineering that feels this practical?

I build these tools to make AWS easier to manage. If this level of quality is what you want in your own cloud platform, Towards The Cloud can help with landing zones, infrastructure as code, security reviews, migrations, and cost optimization.