sqs-dg-2009-02-01

Amazon Simple Queue Service Developer Guide

Basic Use Cases for Access Control

            "DateLessThan" : {
               "AWS:CurrentTime":"2009-06-30T12:00Z"
            }
         }
      }
   ]
}

Use Case 3

In this use case, you want to allow access to your queues only if the requests come from your Amazon EC2 instances.

Again, you need to know how to write your own policy because the SQS AddPermission action doesn't let you specify an IP address restriction when granting access to your queue.

The following example builds on the example in use case 2, and also includes a condition that restricts access to the IP address range 10.52.176.0/24. So in this example, a request from AWS account 1234-5678-9012 to send or receive messages from queue2 would be allowed only if it came in before noon on June 30, 2009, and it came from the 10.52.176.0/24 address range.

{
   "Version":"2008-10-17",
   "Id":"UseCase3",
   "Statement" : [
      {
         "Sid":"1",
         "Effect":"Allow",
         "Principal" : {
            "AWS": "123456789012"
         },
         "Action":["sqs:SendMessage","sqs:ReceiveMessage"],
         "Resource": "/987654321000/queue2",
         "Condition" : {
            "DateLessThan" : {
               "AWS:CurrentTime":"2009-06-30T12:00Z"
            },
            "IpAddress" : {
               "AWS:SourceIp":"10.52.176.0/24"
            }
         }
      }
   ]
}
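Added example (not part of the original guide, and not AWS's evaluation engine): a simplified Python model of how the Use Case 3 statement is evaluated, showing that the date and IP conditions are both required and that anything not explicitly allowed is denied. The request dictionary layout and the helper names (is_allowed, make_request, OPERATORS) are assumptions made for illustration.

```python
import ipaddress
from datetime import datetime, timezone

# The Use Case 3 policy from the guide, as a Python dict.
POLICY = {
    "Version": "2008-10-17", "Id": "UseCase3",
    "Statement": [{
        "Sid": "1", "Effect": "Allow",
        "Principal": {"AWS": "123456789012"},
        "Action": ["sqs:SendMessage", "sqs:ReceiveMessage"],
        "Resource": "/987654321000/queue2",
        "Condition": {
            "DateLessThan": {"AWS:CurrentTime": "2009-06-30T12:00Z"},
            "IpAddress": {"AWS:SourceIp": "10.52.176.0/24"},
        },
    }],
}

def _utc(ts):
    # Parse the guide's timestamp form (minute precision, "Z" suffix) as UTC.
    return datetime.strptime(ts, "%Y-%m-%dT%H:%MZ").replace(tzinfo=timezone.utc)

# Simplified condition operators: only the two this policy uses.
OPERATORS = {
    "DateLessThan": lambda actual, limit: _utc(actual) < _utc(limit),
    "IpAddress": lambda actual, cidr:
        ipaddress.ip_address(actual) in ipaddress.ip_network(cidr),
}

def is_allowed(policy, request):
    """Return True if an Allow statement matches and every condition holds."""
    for st in policy["Statement"]:
        if (st["Effect"] != "Allow"
                or request["account"].replace("-", "") != st["Principal"]["AWS"]
                or request["action"] not in st["Action"]
                or request["resource"] != st["Resource"]):
            continue
        # Condition blocks are ANDed: one failing key rejects the request.
        if all(OPERATORS[op](request["context"][key], value)
               for op, keys in st.get("Condition", {}).items()
               for key, value in keys.items()):
            return True
    return False  # default deny when no statement grants access

def make_request(when, source_ip, action="sqs:SendMessage"):
    # Constructed sample request; the field names are hypothetical.
    return {"account": "1234-5678-9012", "action": action,
            "resource": "/987654321000/queue2",
            "context": {"AWS:CurrentTime": when, "AWS:SourceIp": source_ip}}
```

A request at exactly 2009-06-30T12:00Z is rejected, because DateLessThan is a strict comparison.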

Use Case 4

In this use case, you want to specifically deny a certain AWS account access to your queues.

Again, you need to know how to write your own policy because the SQS AddPermission action doesn't let you deny access to a queue; it only lets you grant access.

The following example is the same as in the original use case (#1), except it denies access to the specified AWS account.

API Version 2009-02-01
