diff --git a/packages/aws/_dev/build/docs/README.md b/packages/aws/_dev/build/docs/README.md
index 0b14ef493ea..29e9e1b523f 100644
--- a/packages/aws/_dev/build/docs/README.md
+++ b/packages/aws/_dev/build/docs/README.md
@@ -43,6 +43,10 @@ Each of these APIs may generate extra charges on your AWS Account. Refer to [AWS
 | S3 GetObject                 | 1                                                                                                                                                                                                                  | Per object per collection period                                   | logs related only    |
 | SecurityHub GetFindings      | Total number of results / GetFindings max page size ( 100, based on [AWS API GetFindings](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetFindings.html)                                           | Per region per collection period                                   | AWS Security Hub     |                      |
 | SecurityHub GetInsights      | Total number of results / GetInsights max page size ( 100, based on [AWS API GetInsights](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetInsights.html)                                           | Per region per collection period                                   | AWS Security Hub     |                      | 
+| SQS ReceiveMessage | 1 | Every 20s minimum (more frequent if messages are waiting) | logs related only (S3 notifications) |
+| SQS DeleteMessage | 1 | Once per received message | logs related only (S3 notifications) |
+| SQS ChangeMessageVisibility | 1 | When message processing exceeds 150s | logs related only (S3 notifications) |
+| SQS GetQueueAttributes | 1 | Every minute to capture queue depth metric | logs related only (S3 notifications) |
 
 ### Metrics collection and cost considerations
 
@@ -177,10 +181,13 @@ make sure these permissions are given:
 * `organizations:ListAccounts`
 * `rds:DescribeDBInstances`
 * `rds:ListTagsForResource`
+* `s3:GetBucketLocation`
 * `s3:GetObject`
+* `s3:ListBucket`
 * `sns:ListTopics`
 * `sqs:ChangeMessageVisibility`
 * `sqs:DeleteMessage`
+* `sqs:GetQueueAttributes`
 * `sqs:ListQueues`
 * `sqs:ReceiveMessage`
 * `sts:AssumeRole`
diff --git a/packages/aws/changelog.yml b/packages/aws/changelog.yml
index e395cf32fd8..7f0f26d18c2 100644
--- a/packages/aws/changelog.yml
+++ b/packages/aws/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.36.1"
+  changes:
+    - description: Add SQS API calls documentation and required S3 permissions.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/12072
 - version: "2.36.0"
   changes:
     - description: Add ELB connection logs dashboards for application load balancers.
diff --git a/packages/aws/docs/README.md b/packages/aws/docs/README.md
index 5bcc921dca5..8fe2ff88763 100644
--- a/packages/aws/docs/README.md
+++ b/packages/aws/docs/README.md
@@ -43,6 +43,10 @@ Each of these APIs may generate extra charges on your AWS Account. Refer to [AWS
 | S3 GetObject                 | 1                                                                                                                                                                                                                  | Per object per collection period                                   | logs related only    |
 | SecurityHub GetFindings      | Total number of results / GetFindings max page size ( 100, based on [AWS API GetFindings](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetFindings.html)                                           | Per region per collection period                                   | AWS Security Hub     |                      |
 | SecurityHub GetInsights      | Total number of results / GetInsights max page size ( 100, based on [AWS API GetInsights](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_GetInsights.html)                                           | Per region per collection period                                   | AWS Security Hub     |                      | 
+| SQS ReceiveMessage | 1 | Every 20s minimum (more frequent if messages are waiting) | logs related only (S3 notifications) |
+| SQS DeleteMessage | 1 | Once per received message | logs related only (S3 notifications) |
+| SQS ChangeMessageVisibility | 1 | When message processing exceeds 150s | logs related only (S3 notifications) |
+| SQS GetQueueAttributes | 1 | Every minute to capture queue depth metric | logs related only (S3 notifications) |
 
 ### Metrics collection and cost considerations
 
@@ -177,10 +181,13 @@ make sure these permissions are given:
 * `organizations:ListAccounts`
 * `rds:DescribeDBInstances`
 * `rds:ListTagsForResource`
+* `s3:GetBucketLocation`
 * `s3:GetObject`
+* `s3:ListBucket`
 * `sns:ListTopics`
 * `sqs:ChangeMessageVisibility`
 * `sqs:DeleteMessage`
+* `sqs:GetQueueAttributes`
 * `sqs:ListQueues`
 * `sqs:ReceiveMessage`
 * `sts:AssumeRole`
diff --git a/packages/aws/manifest.yml b/packages/aws/manifest.yml
index c827227bb44..4f3f9fc37b1 100644
--- a/packages/aws/manifest.yml
+++ b/packages/aws/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 3.0.0
 name: aws
 title: AWS
-version: 2.36.0
+version: 2.36.1
 description: Collect logs and metrics from Amazon Web Services (AWS) with Elastic Agent.
 type: integration
 categories: