In Azure, if I were to configure a function app to post to a storage account queue, I would use managed identity for the authentication. This would remove any need to store credentials for the queue.
Does AWS have something equivalent to managed identity that could be used for a Lambda posting to SQS?
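With Serverless Framework:

provider:
  # Statements added to the IAM role that the functions in this service run as
  iamRoleStatements:
    - Effect: Allow
      Action:
        - sqs:SendMessage
        - sqs:DeleteMessage
      Resource:
        - !GetAtt MyQueue.Arn

resources:
  Resources:
    # The queue the role statement above refers to
    MyQueue:
      Type: "AWS::SQS::Queue"
      Properties:
        QueueName: ${self:custom.sqs.name}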
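
Because the function authenticates to SQS through these role statements rather than stored keys, the statements are the whole access boundary. The following added example (not part of the original answer) reviews them for a function that only posts messages. The function name `review_statements`, the `NEEDED` action set and both sample policies are assumptions constructed for illustration; the first sample is the answer's statement with `!GetAtt MyQueue.Arn` written in its long `Fn::GetAtt` form.

```python
# Added example: least-privilege review of role statements for a queue producer.
# Assumption: the function only posts, so sqs:SendMessage is the needed action.
NEEDED = {"sqs:sendmessage"}  # IAM action names are case-insensitive


def as_list(value):
    """IAM accepts a single value or a list for Action and Resource."""
    return value if isinstance(value, list) else [value]


def review_statements(statements, needed=NEEDED):
    """Return (statement index, finding) pairs for Allow statements."""
    findings = []
    for i, st in enumerate(statements):
        if st.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        for action in as_list(st.get("Action", [])):
            if "*" in action:
                findings.append((i, f"wildcard action {action}"))
            elif action.lower() not in needed:
                findings.append((i, f"action {action} beyond posting"))
        for res in as_list(st.get("Resource", [])):
            # A dict is a CloudFormation intrinsic (Fn::GetAtt, Ref) that
            # resolves to one resource's ARN, so it counts as scoped.
            if isinstance(res, str) and "*" in res:
                findings.append((i, f"wildcard resource {res}"))
    return findings


# Constructed sample: the statement from the answer, in parsed form.
PAGE_STATEMENTS = [{
    "Effect": "Allow",
    "Action": ["sqs:SendMessage", "sqs:DeleteMessage"],
    "Resource": [{"Fn::GetAtt": ["MyQueue", "Arn"]}],
}]

# Constructed sample: an over-broad statement for comparison.
BROAD_STATEMENTS = [{"Effect": "Allow", "Action": "sqs:*", "Resource": "*"}]

if __name__ == "__main__":
    for name, sts in [("page", PAGE_STATEMENTS), ("broad", BROAD_STATEMENTS)]:
        for idx, finding in review_statements(sts):
            print(f"{name}[{idx}]: {finding}")
```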