sqs-dg-2009-02-01
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Amazon Simple Queue Service Developer Guide<br />
Amazon SQS Policy Examples<br />
}<br />
"Statement":<br />
{<br />
"Sid":"Queue1_AnonymousAccess_AllActions_WhitelistIP",<br />
"Effect": "Allow",<br />
"Principal": {<br />
"AWS": "*"<br />
},<br />
"Action": "<strong>sqs</strong>:*",<br />
"Resource": "/987654321098/queue1",<br />
"Condition" : {<br />
"IpAddress" : {<br />
"aws:SourceIp":"192.168.143.0/24"<br />
}<br />
}<br />
}<br />
The following example policy has two statements:<br />
• One that gives all users in the 192.168.143.0/24 range (except for 192.168.143.188) permission to use<br />
the SendMessage action for the queue named 987654321098/queue1.<br />
• One that blacklists all users in the 10.1.2.0/24 range from using the queue.<br />
{<br />
"Version": "2008-10-17",<br />
"Id": "Queue1_Policy_UUID",<br />
"Statement": [<br />
{<br />
"Sid":"Queue1_AnonymousAccess_SendMessage_IPLimit",<br />
"Effect": "Allow",<br />
"Principal": {<br />
"AWS": "*"<br />
},<br />
"Action": "<strong>sqs</strong>:SendMessage",<br />
"Resource": "/987654321098/queue1",<br />
"Condition" : {<br />
"IpAddress" : {<br />
"aws:SourceIp":"192.168.143.0/24"<br />
},<br />
"NotIpAddress" : {<br />
"aws:SourceIp":"192.168.143.188/32"<br />
}<br />
}<br />
},<br />
{<br />
"Sid":"Queue1_AnonymousAccess_AllActions_IPLimit_Deny",<br />
"Effect": "Deny",<br />
"Principal": {<br />
"AWS": "*"<br />
},<br />
"Action": "<strong>sqs</strong>:*",<br />
"Resource": "/987654321098/queue1",<br />
"Condition" : {<br />
"IpAddress" : {<br />
"aws:SourceIp":"10.1.2.0/24"<br />
}<br />
API Version <strong>2009</strong>-<strong>02</strong>-<strong>01</strong><br />
59