02.02.2018 Views

sqsputapi

Create successful ePaper yourself

Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.

Amazon Simple Queue Service Developer Guide<br />

Using the Access Policy Language<br />

Using the Access Policy Language<br />

The following figure and table describe the general process of how access control works with the access<br />

policy language.<br />

Process for Using Access Control with the Access Policy Language<br />

1<br />

2<br />

3<br />

4<br />

5<br />

6<br />

You write a policy for your resource.<br />

For example, you write a policy to specify permissions for your Amazon SQS queues. For more<br />

information, see How to Write a Policy (p. 46).<br />

You upload your policy to AWS.<br />

The AWS service itself provides an API you use to upload your policies. For example, you use<br />

the Amazon SQS SetQueueAttributes action to upload a policy for a particular Amazon SQS<br />

queue.<br />

Someone sends a request to use your resource.<br />

For example, a user sends a request to SQS to use one of your queues.<br />

The AWS service determines which policies are applicable to the request.<br />

For example, SQS looks at all the available SQS policies and determines which ones are applicable<br />

(based on what the resource is, who the requester is, etc.).<br />

The AWS service evaluates the policies.<br />

For example, SQS evaluates the policies and determines if the requester is allowed to use your<br />

queue or not. For information about the decision logic, see Evaluation Logic (p. 39).<br />

The AWS service either denies the request or continues to process it.<br />

For example, based on the policy evaluation result, the service either returns an "Access denied"<br />

error to the requester or continues to process the request.<br />

Related Topics<br />

• Architectural Overview (p. 36)<br />

API Version 2009-02-01<br />

38

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!