9 months ago


Amazon Simple Queue

Amazon Simple Queue Service Developer Guide Basic Use Cases for Access Control { } "Version":"2008-10-17", "Id":"UseCase4", "Statement" : [ { "Sid":"1", "Effect":"Deny", "Principal" : { "AWS": "123456789012" }, "Action":["sqs:SendMessage","sqs:ReceiveMessage"], "Resource": "/987654321000/queue2", } ] From these use cases, you can see that if you want to restrict access based on special conditions or deny someone access entirely, you need to read this appendix and learn how to write your own policies. You can also see that the policies themselves are not that complex and the access policy language is straightforward. API Version 2009-02-01 45

Amazon Simple Queue Service Developer Guide How to Write a Policy How to Write a Policy Topics • Basic Policy Structure (p. 46) • Element Descriptions (p. 47) • Supported Data Types (p. 55) This section describes how to write policies and gives reference information about each policy element. Basic Policy Structure Each policy is a JSON document. As illustrated in the following figure, a policy includes: • Optional policy-wide information (at the top of the document) • One or more individual statements Each statement includes the core information about a single permission. If a policy includes multiple statements, we apply a logical OR across the statements at evaluation time. If multiple policies are applicable to a request, we apply a logical OR across the policies at evaluation time. The information in a statement is contained within a series of elements. For information about these elements, see Element Descriptions (p. 47). API Version 2009-02-01 46