sqs-dg-2009-02-01

Weitere Magazine

Empfehlungen

Info

Amazon Simple Queue Service Developer GuideElement DescriptionsLet's say you also want to restrict John's access to after January 1, 2009. Then you would add anothercondition, DateGreaterThan, with a date equal to January 1, 2009. The condition block would then looklike the following figure.As illustrated in the following figure, we always apply a logical AND to the conditions within a conditionblock, and to the keys within a condition. We always apply a logical OR to the values for a single key. Allconditions must be met to return an allow or an explicit deny decision. If a condition isn't met, the resultis a default deny.API Version 2009-02-0151
Amazon Simple Queue Service Developer GuideElement DescriptionsAs mentioned, AWS defines the conditions and keys you can use (for example, one of the keys isaws:CurrentTime, which lets you restrict access based on the date and time). The AWS service itselfcan also define its own service-specific keys. For a list of available keys, see Available Keys (p. 52).For a concrete example that uses real keys, let's say you want to let John access your Amazon SQSqueue under the following three conditions:• The time is after 12:00 noon on 8/16/2010• The time is before 3:00 p.m. on 8/16/2010• The request comes from an IP address within the 192.168.176.0/24 range or the 192.168.143.0/24rangeYour condition block has three separate conditions, and all three of them must be met for John to haveaccess to your queue.The following shows what the condition block looks like in your policy."Condition" : {"DateGreaterThan" : {"aws:CurrentTime" : "2009-04-16T12:00:00Z"},"DateLessThan": {"aws:CurrentTime" : "2009-04-16T15:00:00Z"},"IpAddress" : {"aws:SourceIp" : ["192.168.176.0/24","192.168.143.0/24"]}}Available KeysAWS provides a set of common keys supported by all AWS services that adopt the access policy languagefor access control. These keys are:• aws:CurrentTime—For date/time conditions (see Date Conditions (p. 54))• aws:EpochTime—The date in epoch or UNIX time, for use with date/time conditions (see DateConditions (p. 54))• aws:SecureTransport—Boolean representing whether the request was sent using SSL (see BooleanConditions (p. 54))• aws:SourceArn—The Amazon Resource Name (ARN) of the source (see Amazon Resource Name(ARN) (p. 55))• aws:SourceIp—The requester's IP address, for use with IP address conditions (see IP Address (p. 55))• aws:UserAgent—Information about the requester's client application, for use with string conditions(see String Conditions (p. 53))The key names are case insensitive. For example, aws:CurrentTime is equivalent to AWS:currenttime.NoteIf you use aws:SourceIp, and the request comes from an Amazon EC2 instance, we evaluatethe instance's public IP address to determine if access is allowed.Each AWS service that uses the access policy language might also provide service-specific keys. For alist of any service-specific keys you can use, see Special Information for SQS Policies (p. 61).API Version 2009-02-0152
Seite 1 und 2:
Amazon Simple Queue ServiceDevelope
Seite 3 und 4: Amazon Simple Queue Service Develop
Seite 53: Amazon Simple Queue Service Develop
Alle anzeigen

sqs-dg-2009-02-01

Sie wollen auch ein ePaper? Erhöhen Sie die Reichweite Ihrer Titel.

Template löschen?

Als Template speichern?