AWS Certified Solutions Architect – Associate (SAA-C02) — Question 324
A development team is collaborating with another company to create an integrated product. The other company needs to access an Amazon Simple Queue Service (Amazon SQS) queue that is contained in the development team's account. The other company wants to poll the queue without giving up its own account permissions to do so.
How should a solutions architect provide access to the SQS queue?
Answer options
- A. Create an instance profile that provides the other company access to the SQS queue.
- B. Create an IAM policy that provides the other company access to the SQS queue.
- C. Create an SQS access policy that provides the other company access to the SQS queue.
- D. Create an Amazon Simple Notification Service (Amazon SNS) access policy that provides the other company access to the SQS queue.
Correct answer: C
Explanation
An SQS access policy is a resource-based policy that can directly grant another AWS account permission to interact with the queue, allowing them to poll it without switching roles or losing their own permissions. In contrast, standard IAM policies cannot grant cross-account access directly to external users, and instance profiles are designed specifically for EC2 instances. SNS access policies are used to manage permissions for SNS topics, not SQS queues.