02.02.2018 Views

sqsputapi

You also want an ePaper? Increase the reach of your titles

YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.

Amazon Simple Queue Service Developer Guide<br />

Granting Anonymous Access to a Queue<br />

Permission<br />

SendMessage<br />

DeleteMessage<br />

ChangeMessageVisibility<br />

GetQueueAttributes<br />

Description<br />

This grants permission to send messages to the queue.<br />

This grants permission to delete messages from the queue.<br />

This grants permission to extend or terminate the read lock timeout of a<br />

specified message. For more information about visibility timeout, see Visibility<br />

Timeout (p. 8). For more information about this permission type, see the<br />

ChangeMessageVisibility operation.<br />

This grants permission to receive all of the queue attributes except the policy,<br />

which can only be accessed by the queue's owner. For more information,<br />

see the GetQueueAttributes operation..<br />

Permissions for each of the different permission types are considered separate permissions by Amazon<br />

SQS, even though * includes the access provided by the other permission types. For example, it is<br />

possible to grant both * and SendMessage permissions to a user, even though a * includes the access<br />

provided by SendMessage.<br />

This concept applies when you remove a permission. If a principal has only a * permission, requesting<br />

to remove a SendMessage permission does not leave the principal with an "everything but" permission.<br />

Instead, the request does nothing, because the principal did not previously possess an explicit<br />

SendMessage permission.<br />

If you want to remove * and leave the principal with just the ReceiveMessage permission, first add the<br />

ReceiveMessage permission, then remove the * permission.<br />

Tip<br />

You give each permission a label that identifies that permission. If you want to delete that<br />

permission in the future, you use that label to identify the permission.<br />

Note<br />

If you want to see what permissions are on a queue, use the GetQueueAttributes operation. The<br />

entire policy (containing all the permissions) is returned.<br />

Granting Anonymous Access to a Queue<br />

You can allow shared queue access to anonymous users. Such access requires no signature or Access<br />

Key ID.<br />

To allow anonymous access you must write your own policy, setting the Principal to *. For information<br />

about writing your own policies, see Using The Access Policy Language (p. 32).<br />

Caution<br />

Keep in mind that the queue owner is responsible for all costs related to the queue. Therefore<br />

you probably want to limit anonymous access in some other way (by time or IP address, for<br />

example).<br />

API Version 2009-02-01<br />

30

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!