Views
3 weeks ago

sqs-dg-2009-02-01

Amazon Simple Queue

Amazon Simple Queue Service Developer Guide Amazon SQS Policy Examples } "Statement": { "Sid":"Queue1_AnonymousAccess_AllActions_WhitelistIP", "Effect": "Allow", "Principal": { "AWS": "*" }, "Action": "sqs:*", "Resource": "/987654321098/queue1", "Condition" : { "IpAddress" : { "aws:SourceIp":"192.168.143.0/24" } } } The following example policy has two statements: • One that gives all users in the 192.168.143.0/24 range (except for 192.168.143.188) permission to use the SendMessage action for the queue named 987654321098/queue1. • One that blacklists all users in the 10.1.2.0/24 range from using the queue. { "Version": "2008-10-17", "Id": "Queue1_Policy_UUID", "Statement": [ { "Sid":"Queue1_AnonymousAccess_SendMessage_IPLimit", "Effect": "Allow", "Principal": { "AWS": "*" }, "Action": "sqs:SendMessage", "Resource": "/987654321098/queue1", "Condition" : { "IpAddress" : { "aws:SourceIp":"192.168.143.0/24" }, "NotIpAddress" : { "aws:SourceIp":"192.168.143.188/32" } } }, { "Sid":"Queue1_AnonymousAccess_AllActions_IPLimit_Deny", "Effect": "Deny", "Principal": { "AWS": "*" }, "Action": "sqs:*", "Resource": "/987654321098/queue1", "Condition" : { "IpAddress" : { "aws:SourceIp":"10.1.2.0/24" } API Version 2009-02-01 59

Amazon Simple Queue Service Developer Guide Amazon SQS Policy Examples ] } } } The following example policy enables a connection between the Amazon Simple Notification Service topic specified by the Amazon Resource Name (ARN) arn:aws:sns:us-east-1:599169622985:test-topic and the queue named arn:aws:sqs:us-east-1:599169622985:test-topic-queue. { } "Version": "2008-10-17", "Id": "SNStoSQS", "Statement": { "Sid":"rule1", "Effect": "Allow", "Principal": { "AWS": "*" }, "Action": "sqs:*", "Resource": "arn:aws:sqs:us-east-1:599169622985:test-topic-queue", "Condition" : { "StringEquals" : { "aws:SourceArn":"arn:aws:sns:us-east-1:599169622985:test-topic" } } } API Version 2009-02-01 60

amgrade sqs-dg-2009-02-01