AWS Certified SysOps Administrator - Associate Exam: SQS Permissions for Lambda Function

SQS Permissions for Lambda Function

Question

Your team is creating a Lambda function for a microservice application.

The Lambda function needs to send messages to an SQS queue.

It also fetches messages from the queue and deletes some messages if the messages have incorrect data.

Which of the following SQS permissions should the Lambda IAM execution role have? (Select THREE.)

Answers

Explanations

A. B. C. D. E. F.

Correct Answers: B, C and F.

Option A is incorrect because the Lambda function does not need to list SQS queues.

So the “sqs:ListQueues” permission is not required.

Option B is CORRECT because permission is needed for the Lambda function to delete messages.

Option C is CORRECT because this permission is required to retrieve one or more messages from the specified queue.

Option D is incorrect because the question does not mention the requirement to change the visibility timeout of a message in the queue.

Option E is incorrect because the “PurgeQueue” action deletes all messages in the queue, which is not mentioned in the question.

Option F is CORRECT because the “SendMessage” operation is needed for the Lambda function.

Reference:

https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-api-permissions-reference.html

To send messages to an SQS queue and fetch and delete messages from the queue, the Lambda IAM execution role must be granted the following three SQS permissions:

  1. sqs:SendMessage - This permission is required to send messages to the SQS queue from the Lambda function.

  2. sqs:ReceiveMessage - This permission is required to fetch messages from the SQS queue from the Lambda function.

  3. sqs:DeleteMessage - This permission is required to delete messages from the SQS queue after processing them in the Lambda function.

The other options listed are not required for the stated task:

  1. sqs:ListQueues - This permission is used to list all the available queues. It is not required for sending or receiving messages.

  2. sqs:ChangeMessageVisibility - This permission is used to change the visibility timeout for a message. It is not required for sending or receiving messages.

  3. sqs:PurgeQueue - This permission is used to delete all messages from a queue. It is not required for sending or receiving messages.
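As an added example (not from the exam page or from AWS), a small Python check that audits a Lambda execution role's policy document against this least-privilege set: it reports which of the three required actions are missing, flags the three unneeded actions when they are granted on the queue, and flags grants that rely on a wildcard Action or Resource. The queue ARN and both policy documents are constructed placeholders.

```python
import fnmatch

# The three actions the page identifies as required for this Lambda function.
REQUIRED_ACTIONS = {"sqs:SendMessage", "sqs:ReceiveMessage", "sqs:DeleteMessage"}
# Actions the page says this function does not need; granting them over-privileges the role.
UNNEEDED_ACTIONS = {"sqs:ListQueues", "sqs:ChangeMessageVisibility", "sqs:PurgeQueue"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(patterns, target):
    # IAM Action/Resource strings are case-insensitive glob patterns ('*' and '?').
    return any(fnmatch.fnmatchcase(target.lower(), p.lower()) for p in patterns)

def check_sqs_policy(policy, queue_arn):
    """Audit an IAM policy document (dict) against the least-privilege set for one queue.
    Tracks only the six actions discussed on the page; Deny statements are ignored.
    """
    granted, wildcard_action, wildcard_resource = set(), False, False
    for stmt in _as_list(policy.get("Statement", [])):
        actions = [a for a in _as_list(stmt.get("Action", []))
                   if a.lower().startswith("sqs:") or a == "*"]
        resources = _as_list(stmt.get("Resource", []))
        if stmt.get("Effect") != "Allow" or not actions or not _matches(resources, queue_arn):
            continue  # statement grants nothing SQS-related on this queue
        wildcard_action |= any("*" in a for a in actions)
        wildcard_resource |= any(r == "*" for r in resources)
        granted |= {a for a in REQUIRED_ACTIONS | UNNEEDED_ACTIONS if _matches(actions, a)}
    return {
        "missing": sorted(REQUIRED_ACTIONS - granted),
        "excess": sorted(granted & UNNEEDED_ACTIONS),
        "wildcard_action": wildcard_action,
        "wildcard_resource": wildcard_resource,
    }

QUEUE_ARN = "arn:aws:sqs:us-east-1:123456789012:orders-queue"  # placeholder ARN, not from the page

# Constructed: the least-privilege policy for the question's Lambda execution role.
LEAST_PRIVILEGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Resource": QUEUE_ARN,
                   "Action": ["sqs:SendMessage", "sqs:ReceiveMessage", "sqs:DeleteMessage"]}],
}

# Constructed: a blanket grant that also allows PurgeQueue (and every other SQS action) on every queue.
OVERBROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "sqs:*", "Resource": "*"}],
}
```

Run `check_sqs_policy(OVERBROAD_POLICY, QUEUE_ARN)` to see the three unneeded actions reported as excess alongside both wildcard flags, while the least-privilege document returns no findings.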

Therefore, the correct answer is A, B, and C: sqs:SendMessage, sqs:ReceiveMessage, and sqs:DeleteMessage.