hello123
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Amazon Simple Queue Service Developer Guide<br />
Granting Anonymous Access to a Queue<br />
Permission<br />
SendMessage<br />
DeleteMessage<br />
ChangeMessageVisibility<br />
GetQueueAttributes<br />
Description<br />
This grants permission to send messages to the queue.<br />
This grants permission to delete messages from the queue.<br />
This grants permission to extend or terminate the read lock timeout of a<br />
specified message. For more information about visibility timeout, see Visibility<br />
Timeout (p. 8). For more information about this permission type, see the<br />
ChangeMessageVisibility operation.<br />
This grants permission to receive all of the queue attributes except the policy,<br />
which can only be accessed by the queue's owner. For more information,<br />
see the GetQueueAttributes operation..<br />
Permissions for each of the different permission types are considered separate permissions by Amazon<br />
SQS, even though * includes the access provided by the other permission types. For example, it is<br />
possible to grant both * and SendMessage permissions to a user, even though a * includes the access<br />
provided by SendMessage.<br />
This concept applies when you remove a permission. If a principal has only a * permission, requesting<br />
to remove a SendMessage permission does not leave the principal with an "everything but" permission.<br />
Instead, the request does nothing, because the principal did not previously possess an explicit<br />
SendMessage permission.<br />
If you want to remove * and leave the principal with just the ReceiveMessage permission, first add the<br />
ReceiveMessage permission, then remove the * permission.<br />
Tip<br />
You give each permission a label that identifies that permission. If you want to delete that<br />
permission in the future, you use that label to identify the permission.<br />
Note<br />
If you want to see what permissions are on a queue, use the GetQueueAttributes operation. The<br />
entire policy (containing all the permissions) is returned.<br />
Granting Anonymous Access to a Queue<br />
You can allow shared queue access to anonymous users. Such access requires no signature or Access<br />
Key ID.<br />
To allow anonymous access you must write your own policy, setting the Principal to *. For information<br />
about writing your own policies, see Using The Access Policy Language (p. 32).<br />
Caution<br />
Keep in mind that the queue owner is responsible for all costs related to the queue. Therefore<br />
you probably want to limit anonymous access in some other way (by time or IP address, for<br />
example).<br />
API Version 2009-02-01<br />
30