Proposed new behavior:

When the queue is specified by URL, only the following permissions are needed: sqs:DeleteMessage, sqs:ReceiveMessage

Pull request URL provided.

Details:

If the queue is specified by URL, no high-privilege AWS actions are taken to check for the queue existence, or to create the queue in case it doesn't exist. If you've set things up with very limited AWS permissions, the plugin will work fine as long as you specified correct credentials and queue URL.