Debugging SQS::QueuePolicy in AWS

At work I needed to deploy an SQS queue along with policies to restrict access to the correct roles.

I came across an annoying error, which took way to long to figure out.

I originally started writing this as I assumed it would be some obscure problem that could affect other people… reality it was more of a typo, but i’ll write about it anyway.

The error i got when trying to deploy via serverless was:

An error occurred: SQSQueuePolicy – Invalid value for the parameter Policy. (Service: AmazonSQS; Status Code: 400; Error Code: InvalidAttributeValue; Request ID XXXXX)

This wasn’t that helpful, since 90% of this resource was the policy.

Eventually I ended up copying a policy from the AWS website, and then comparing my copy to theirs, moving parts of the Statement block over and testing.

In the end i had my entire policy in their structure, and it worked. So i ran a diff…..turns out i had – Sid:: SendReceiveDelete rather than – Sid: SendReceiveDelete.

It would be really good if AWS could improve the error message to highlight at least the line of the policy that has an issue…it would have saved a lot of time!

Getting settled in

It’s now the Sunday of my first complete week in Sweden.

I hoped I’d have sorted more out than I have. After being offered a job last week, I got the contract through on Tuesday and went straight down to Skatteverket to register and get a personnummer.

This seemed to go well, as the person there said we’d brought down more than enough evidence. As Sofia & I have lived together for the last few years, I was eligible for a personnummer on two counts. First because I have a job in Sweden, and second because me and Sofia have lived and do live together. The person at skatteverket gave the same estimate as she gave to Sofia when she reregistered as being in Sweden – upto two months! However Sofia got reregistered within a few days, so I’m hoping it goes quicker for me too. I’ve read online people in the last month getting their number through within a week, so perhaps something may arrive next Monday or Tuesday….

What is a personnummer?

A personnummer is essentially like a national insurance number in the UK, however whilst in the UK it only really is used related to tax and benefits, in Sweden it’s used for absolutely everything.

After going to Skatteverket we went to a bank to try and get a bank account, however was told that I can’t do that without Swedish ID. This seems to be slightly incorrect, as the law apparently is like the UK where they need to be able to confirm my identity. As the personnummer is used for everything, an ID with this on confirms my identity. However, it does seem that it should be possible without a personnummer and  just using my EU passport.

We may go down again next week and try again.

The long journey

A few days ago I completed quite a long drive from the UK to Sweden. The journey length was about 1100 miles. The route I took was :


All in all I spread the drive over three days, the first driving in the afternoon to Dover where I stayed over night. Then on the next morning I took the ferry over to Dunkirk with my brother and we drove through France, Belgium, the Netherlands to Bremen, Germany. Then the final day we drove Bremen to Sweden.

It was a long drive, and ideally it would have been better to spend a few more days and get to see a little more, however we had to try and get there as soon as possible.

Now, I’ve got to get setup with everything I need to start my new job at the end of October.

The final countdown

Yesterday we finally exchanged contracts on the sale of our house. That means that on the 28th September we will complete the sale, and can begin our move to Sweden.

We’ve been planning this for a while now, so it’s quite exciting to finally know that it’s happening – though also slightly nerve racking, given the large number of things to organise before completion.

I still need to find work, which I’m in the process of applying for a number of jobs. Hopefully I’m able to find something interesting to work on.

Client auto connect with openvpn

This is here for my future reference more than anything. I have a Raspberry Pi   (Referred to as Raspberry Pi A = rpA) that dials into another raspberry pi (referrred to as Raspberry Pi B = rpB) I have at home. Due to limits on the router rpA is connected to, I can’t setup any port forwarding – meaning there’s no easy way to connect into it. To solve this, I set up an openvpn server on rpB, that rpA dials into. I can then connect via the tunnel that’s created.

I don’t have easy physical access to rpA, so it needs to be able to come back up following a power outage etc, so I’ve added various bits of automation and reporting to keep an eye on things. It reports to my web server, so if there’s a problem with the vpn, but the rest of things are working, I can see this and it will help me narrow down the issue

Recently rpA stopped responding both via vpn and to my web server. I was able to get someone to check it had power, was connected to the router etc, so the assumption now is that it’s either a physical hardware problem, or a corrupt sd card. I did keep a backup of the sd card, however got rid of it a few months ago during some over enthusiastic tidying up of my server.

When I first setup rpA, I had some issues getting openvpn to autostart and connect – I have come across the same issues now setting the new image up, so am documenting the solution here:

First this assumes you’ve setup your openvpn server,  and then created some keys – there’s plenty of instructions online that talk you through adding the keys, and then creating an OPVN file – this is a file that contains the configuration as well as the various keys needed to connect.

I use password protected certificates to connect to the vpn. The first issue to overcome is how to supply the password on autostart. Adding the following line to the client config achieves this:

askpass /etc/openvpn/server.pass

And then that file contains the password for your certificate.

Looking in /etc/init.d/openvpn we can see it sources /etc/default/openvpn for some variables. Let’s look there. In /etc/default/openvpn there’s this line:


This needs uncommenting, and will mean on startup openvpn will connect to each *.conf file in /etc/openvpn/

However, when you run :

service openvpn start

/var/log/daemon.log only reads:

Aug 28 12:38:36 rpA systemd[1]: Started OpenVPN service.


Answer: Systemd.

I don’t understand why both configs are supplied – surely if being installed on a system that uses systemd, we should just install the systemd start scripts?

Nevermind. What we need to do is symlink in info to our vpn, and enable that through systemctl:

Openvpn under systemd controls which profiles to start by adding openvpn@<Name of Config File>.service.

First, symlink the openvpn@.service into your systemd directory using the name of your config file in /etc/openvpn/. For example, if you have /etc/openvpn/myConfig.conf you would type:

ln -s /lib/systemd/system/openvpn@.service /etc/systemd/system/openvpn@myConfig.service

We then need to enable and start the service:

systemctl enable openvpn@myConfig.service
systemctl start openvpn@myConfig.service

We should then check it’s started. Looking in /var/log/daemon.log should show us more output, plus we can check the network adapters to make sure we have the correct tunnel adapter:


tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00

That looks fine. Next try a reboot and make sure your connection is re-established!

Crème Caramel



  • 160g sugar


  • 6 medium eggs
  • 1 tsp vanilla essence
  • 25g caster sugar
  • 600ml full-fat milk


  1. Pre-heat oven 150C. Warm the ramekins in the oven, so they are warm when the caramel is poured in.
  2. Pour the sugar and six tablespoons of water into a clean stainless steel pan.
  3. Dissolve the sugar slowly, stirring with a wooden spoon over a low heat.
  4. When there are no sugar granules left, stop stirring and boil until the sugar turns a dark copper colour.
  5. Remove immediately from the heat to ensure the caramel does not burn. Quickly pour the caramel into the warmed ramekins.
  6. Set aside to cool and become hard. (Do not put in the fridge because the sugar will absorb moisture and go soft and tacky).
  7. Once hard, butter the sides of the ramekins above the level of the caramel.
  8. For the custard, whisk the eggs, vanilla extract and caster sugar together in a bowl until well mixed.
  9. Pour the milk into a saucepan, gently heat over a low heat until you can still just dip your finger in for a moment, then strain the milk through a fine sieve onto the egg mixture in the bowl.
  10. Whisk together until smooth, then pour the mixture into the prepared ramekins.
  11. Stand the ramekins in a roasting tin and fill the tin half-way with boiling water from a kettle.
  12. Cook in the oven for about 20-30 minutes or until the custard has set. Do not overcook the custard – check around the edges of the dishes, to make sure no bubbles are appearing.
  13. Take the crème caramels out of the oven, remove the ramekins from the tray and set on a cooling rack. When cool, transfer to the fridge overnight so that the caramel is absorbed into the custard.
  14. To serve, loosen the sides of the custard by tipping the ramekin and loosen with a small palette knife round the edges. Place a serving dish on top of the ramekin and turn upside down.


Pouring caramel into pudding moulds