sqsputapi
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Amazon Simple Queue Service Developer Guide<br />
Amazon SQS Keys<br />
Amazon SQS Keys<br />
Amazon SQS implements the following policy keys, but no others. For more information about policy<br />
keys, see Condition (p. 50).<br />
AWS-Wide Policy Keys<br />
• aws:CurrentTime (for date/time conditions)<br />
• aws:EpochTime (the date in epoch or UNIX time, for use with date/time conditions)<br />
• aws:SecureTransport (Boolean representing whether the request was sent using SSL)<br />
• aws:SourceIp (the requester's IP address, for use with IP address conditions)<br />
• aws:UserAgent (information about the requester's client application, for use with string conditions)<br />
If you use aws:SourceIp, and the request comes from an Amazon EC2 instance, we evaluate the<br />
instance's public IP address to determine if access is allowed.<br />
For services that use only SSL, such as Amazon RDS and Amazon Route 53, the aws:SecureTransport<br />
key has no meaning.<br />
The key names are case insensitive. For example, aws:CurrentTime is equivalent to AWS:currenttime.<br />
Example AWS IAM Policies for Amazon SQS<br />
This section shows several simple AWS IAM policies for controlling User access to Amazon SQS.<br />
Note<br />
In the future, Amazon SQS might add new actions that should logically be included in one of the<br />
following policies, based on the policy’s stated goals.<br />
Example 1: Allow a User to create and use his or her own queues<br />
In this example, we create a policy for Bob that lets him access all Amazon SQS actions, but only with<br />
queues whose names begin with the literal string bob_queue.<br />
Note<br />
Amazon SQS doesn't automatically grant the creator of a queue permission to subsequently use<br />
the queue. Therefore, in our AWS IAM policy, we must explicitly grant Bob permission to use all<br />
the SQS actions in addition to CreateQueue.<br />
{<br />
}<br />
"Statement":[{<br />
"Effect":"Allow",<br />
"Action":"sqs:*",<br />
"Resource":"arn:aws:sqs:*:123456789012:bob_queue*"<br />
}<br />
]<br />
API Version 2009-02-01<br />
68