--- AWSTemplateFormatVersion: 2010-09-09 Description: "CloudFormation template for creating Amazon Simple Queue Service (Amazon SQS) queues and cross-account permission for Iridium CloudConnect to access the appropriate SQS queues. (qs-1qbcfsuje)" Metadata: QuickStartDocumentation: EntrypointName: Deploy into your desired Region. AWS::CloudFormation::Interface: ParameterGroups: - Label: default: Iridium CloudConnect configuration Parameters: - IridiumRoleARN - MobileOriginatedQueueName - MobileTerminatedQueueName - MobileTerminatedConfirmationQueueName - MobileTerminatedErrorQueueName ParameterLabels: IridiumRoleARN: default: Iridium Role ARN MobileOriginatedQueueName: default: Mobile-originated queue name MobileTerminatedQueueName: default: Mobile-terminated queue name MobileTerminatedConfirmationQueueName: default: Mobile-terminated confirmation queue name MobileTerminatedErrorQueueName: default: Mobile-terminated error queue name Parameters: IridiumRoleARN: Description: Amazon Resource Number (ARN) of the role in the Iridium AWS account. Type: String AllowedPattern: 'arn:(aws|aws-cn|aws-us-gov):iam::.*:role/.*$' MobileOriginatedQueueName: Description: Name of the mobile-originated queue in Amazon SQS. Type: String Default: ICCMO.fifo MobileTerminatedQueueName: Description: Name of the mobile-terminated queue in Amazon SQS. Type: String Default: ICCMT.fifo MobileTerminatedConfirmationQueueName: Description: Name of the mobile-terminated confirmation queue in Amazon SQS. Type: String Default: ICCMTConfirmation.fifo MobileTerminatedErrorQueueName: Description: Name of the mobile-terminated error queue in Amazon SQS. Type: String Default: ICCMTErrors.fifo Resources: MobileOriginatedSQSQueue: Type: AWS::SQS::Queue Properties: FifoQueue: True QueueName: !Ref MobileOriginatedQueueName MobileTerminatedSQSQueue: Type: AWS::SQS::Queue Properties: FifoQueue: True QueueName: !Ref MobileTerminatedQueueName MobileTerminatedConfirmationSQSQueue: Type: AWS::SQS::Queue Properties: FifoQueue: True QueueName: !Ref MobileTerminatedConfirmationQueueName MobileTerminatedErrorSQSQueue: Type: AWS::SQS::Queue Properties: FifoQueue: True QueueName: !Ref MobileTerminatedErrorQueueName SQSQueueCrossAccountPolicy: Type: AWS::IAM::Policy DependsOn: - MobileOriginatedSQSQueue - SQSCrossAccountRole Properties: PolicyName: "allow-sqs-send-message" PolicyDocument: Version: "2012-10-17" Statement: - Effect: Allow Action: - sqs:SendMessage Resource: !Sub "arn:${AWS::Partition}:sqs:${AWS::Region}:${AWS::AccountId}:${MobileOriginatedSQSQueue.QueueName}" - Effect: Allow Action: - sqs:ReceiveMessage - sqs:DeleteMessage Resource: !Sub "arn:${AWS::Partition}:sqs:${AWS::Region}:${AWS::AccountId}:${MobileTerminatedSQSQueue.QueueName}" - Effect: Allow Action: - sqs:SendMessage Resource: !Sub "arn:${AWS::Partition}:sqs:${AWS::Region}:${AWS::AccountId}:${MobileTerminatedConfirmationSQSQueue.QueueName}" - Effect: Allow Action: - sqs:SendMessage Resource: !Sub "arn:${AWS::Partition}:sqs:${AWS::Region}:${AWS::AccountId}:${MobileTerminatedErrorSQSQueue.QueueName}" Roles: - !Ref 'SQSCrossAccountRole' SQSCrossAccountRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Version: "2012-10-17" Statement: - Effect: "Allow" Principal: AWS: !Ref IridiumRoleARN Action: "sts:AssumeRole"