Send cross AWS account message from Lambda to SQS

Question

I want to send a message to SQS queue on another account (Ohio) from lambda in North Virginia account. How can I achieve this?

Things I tried so far:

1. Created a queue in Ohio and gave lambda role arn to the queue.

2. Sent message from the lambda in North Virigina , got following error:

   "errorMessage": "An error occurred (AWS.SimpleQueueService.NonExistentQueue) when calling the SendMessage operation:

Answer 1

If you are sending cross-account messages, you have to do the following things.

1. In the account where the queue exists, you have to create an SQS access policy for the queue in order to allow for the other account to be able to send messages. I queue policy might look like this:

{
    "Version": "2012-10-17",
    "Id": "Queue1_Policy_UUID",
    "Statement": [
        {
            "Sid": "Queue1_AllActions",
            "Effect": "Allow",
            "Principal": {
                "AWS": [
                    "arn:aws:iam::111122223333:role/lambdaRole"
                ]
            },
            "Action": [
                "sqs:SendMessage",
                "sqs:ReceiveMessage"
            ],
            "Resource": "arn:aws:sqs:us-east-2:123456789012:queue1"
        }
    ]
}

The principal here is the Lambda role from the account where the Lambda is deployed.

2. For your Lambda role you have to give permission to be able to send SQS messages to the queue from the other account (according to your question, you already did this).