I've been using S3 pre-signed URLs for a while now and love their functionality. I'm curious if there's a similar option for message queues. I have a module in my setup that needs to process messages from a queue but I'd like it to do so without needing to manage a role or keys. My idea is to have my main module grant temporary permission, allowing the separate module to poll the queue for messages for a limited time. Is there a solution for this?
1 Answer
It sounds like you're trying to recreate IAM roles for resource access. Why not just go through the role approach? If you're using the CDK, it should be straightforward to set up.
The reason is that the module accessing the queue is installed on-premises, and I prefer to keep all the credentials stored in the backend.