IAM Roles

figure19

Optionally review the IAM permissions in your lab. Revisit the IAM permissions assigned to the Sales App and Reports Engine EC2 instances as covered during Section 1 Part 1: Gateway Endpoint IAM Roles.

Notice that the SalesApp role has the permissions to execute “sqs:SendMessage” and “sqs:ReceiveMessage”. Notice that the ReportsEngine role has the permissions to execute “sqs:ReceiveMessage” and “sqs:DeleteMessage”