Views
2 weeks ago

sqs-dg-2009-02-01

Amazon Simple Queue

Amazon Simple Queue Service Developer Guide Evaluation Logic If someone sends a request from Antarctica, the condition is met, and the policy's result is therefore an explicit deny. The distinction between a default deny and an explicit deny is important because a default deny can be overridden by an allow, but an explicit deny can't. For example, let's say there's another policy that allows requests if they arrive on June 1, 2010. How does this policy affect the overall outcome when coupled with the policy restricting access from Antarctica? We'll compare the overall outcome when coupling the date-based policy (we'll call Policy B) with the preceding policies A1 and A2. Scenario 1 couples Policy A1 with Policy B, and Scenario 2 couples Policy A2 with Policy B. The following figure and discussion show the results when a request comes in from Antarctica on June 1, 2010. API Version 2009-02-01 41

Amazon Simple Queue Service Developer Guide Basic Use Cases for Access Control In Scenario 1, Policy A1 returns a default deny, as described earlier in this section. Policy B returns an allow because the policy (by definition) allows requests that come in on June 1, 2010. The allow from Policy B overrides the default deny from Policy A1, and the request is therefore allowed. In Scenario 2, Policy B2 returns an explicit deny, as described earlier in this section. Again, Policy B returns an allow. The explicit deny from Policy A2 overrides the allow from Policy B, and the request is therefore denied. Basic Use Cases for Access Control This section gives a few examples of typical use cases for access control. API Version 2009-02-01 42