AWS SQS example AccessDenied AmazonServiceException

Background of SQS

SQS (Simple Queue Service) is a fast, reliable, scalable, fully managed message queuing service offered by AWS.

You may also heard of SNS, so what’s the difference between those two services offered by Amazon?

In short, SNS (Simple Notification Service) is a Publish-Subscribe Service for Mobile and Enterprise Messaging. Messages are pushed to subscribers (in the form of email, sms, etc) when they are sent by publishers to SNS. SQS is just a queuing system, messages are not pushed to receivers, instead, they are pulled by the receivers.

Get started with SQS

Following the “Get Started in Fewer than 10 lines of Code” link,

For Java Developers, there’s a link to install the AWS SDK for Java

Then there are two downloads options

  • AWS SDK for Java
  • AWS Toolkit for Eclipse

If you choose the Toolkit for Eclipse, here are the steps

  • Open Help -> Install New Software….
  • Copy-n-paste https://aws.amazon.com/eclipse in the text box labeled “Work with” at the top of the dialog.
  • After loading, Select “AWS Development Tools” from the list below.
  • Click “Next.” Eclipse guides you through the remaining installation steps.
  • After installation, Eclipse will need to be restarted in order to activate the tools.
  • Next, the tool will ask you to provide credentials

https://github.com/aws/aws-sdk-java/tree/master/src/samples/AmazonSimpleQueueService

2. Chose “IAM” link

iam

3. Click “Users” on the left pane

iam-user

4. Once user is created, select it, then click “User Actions” –>”Manage Access Keys”

iam-user-key

5. Click “Create Access Key” to generate a new key, at the end of the window, choose to download the credential

iam-user-key-create

6. Once the key is generated and credential downloaded, save it in a safe place.

7. Go back to Eclipse, to fill in the credential, alternatively, you can edit the following file to add credential

  • C:\Users\YourName\.aws\credentials (Windows)
  • ~/.aws/credentials (Unix/Linux)

===credentials file content===
[default]
aws_access_key_id=AKIAJddfdrereereADDMA
aws_secret_access_key=CXWj0g/de87878743jkddfdioP

8. Give user permission to access your “SQS service” (this is very important, otherwise you will run into error like this

Caught an AmazonServiceException, which means your request made it to Amazon SQS, but was rejected with an error response for some reason.
Error Message: Access to the resource https://sqs.us-west-2.amazonaws.com/ is denied. (Service: AmazonSQS; Status Code: 403; Error Code: AccessDenied; Request ID: a0b062e6-d8e4-ereerec78827)
HTTP Status Code: 403
AWS Error Code: AccessDenied
Error Type: Client

9. Double click on user you just created, click on “Permission”, then click on “Attach Policy”

sqs3

10. In the pop-up window, type “sqs” to quickly locate “AmazonSQSFullAccess”, give this permission to the new users

sqs4

 

11. Now you can try out the SimpleQueueServiceSample in your Eclipse

Click File –> New –> Others

eclipse-0

 

12. Select AWS Java Project, then Next

eclipse-1

 

13. Check on “Amazon Simple Queue Service sample”

eclipse-2

 

14. You will get a sample java created under your project

eclipse-3

15. Click Eclipse “Run” menu to run it, it will create a new queue, add message, list messages, delete messages and delete queue.

16. Last but not least, the queue is AWS region specific. The sample Java file uses us-west-2 region,

AmazonSQS sqs = new AmazonSQSClient(credentials);
Region usWest2 = Region.getRegion(Regions.US_WEST_2);
sqs.setRegion(usWest2);

You can comment out the sqs.deleteMessage and sqs.deleteQueue code so you can check the queue on AWS console. But you need to go here to check the queue: https://console.aws.amazon.com/sqs/home?region=us-west-2

If you default region is us-east-1, you may not be able to see it: https://console.aws.amazon.com/sqs/home?region=us-east-1

(Visited 788 times, 4 visits today)

Leave a Reply