sqs-dg-2009-02-01
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Amazon Simple Queue Service Developer Guide<br />
Element Descriptions<br />
"Effect":"Allow"<br />
Principal<br />
The Principal is the person or persons who receive or are denied permission according to the policy.<br />
You must specify the principal by using the principal's AWS account ID (e.g., 1234-5678-9<strong>01</strong>2, with or<br />
without the hyphens). You can specify multiple principals, or a wildcard (*) to indicate all possible users.<br />
You can view your account ID by logging in to your AWS account at http://aws.amazon.com and clicking<br />
Account Activity.<br />
In JSON, you use "AWS": as a prefix for the principal's AWS account ID. In the following example, two<br />
principals are included in the statement.<br />
"Principal":[<br />
"AWS": "123456789<strong>01</strong>2",<br />
"AWS": "999999999999"<br />
]<br />
NotPrincipal<br />
The NotPrincipal element is useful if you want to make an exception to a list of principals. You could<br />
use this, for example, if you want to prevent all AWS accounts except a certain one. The Principal is<br />
the person or persons who receive or are denied permission according to the policy. You must specify<br />
the principal by using the principal's AWS account ID (e.g., 1234-5678-9<strong>01</strong>2, with or without the hyphens).<br />
You can specify multiple principals, or a wildcard (*) to indicate all possible users. You can view your<br />
account ID by logging in to your AWS account at http://aws.amazon.com and clicking Account Activity.<br />
In JSON, you use "AWS": as a prefix for the principal's AWS account ID. In the following example, two<br />
principals are included in the statement.<br />
"Principal":[<br />
"AWS": "123456789<strong>01</strong>2",<br />
"AWS": "999999999999"<br />
]<br />
Action<br />
The Action is the specific type or types of access allowed or denied (for example, read or write). You<br />
can specify multiple values for this element. The values are free-form but must match values the AWS<br />
service expects (for more information, see Special Information for SQS Policies (p. 61)). You can use a<br />
wildcard (*) to give the principal access to all the actions the specific AWS service lets you share with<br />
other developers. For example, Amazon SQS lets you share only a particular subset of all the possible<br />
SQS actions. So, using the wildcard doesn't give someone full control of the queue; it only gives access<br />
to that particular subset of actions.<br />
"Action":["<strong>sqs</strong>:SendMessage","<strong>sqs</strong>:ReceiveMessage"]<br />
The prefix and the action name are case insensitive. For example, <strong>sqs</strong>:SendMessage is equivalent to<br />
SQS:sendmessage.<br />
API Version <strong>2009</strong>-<strong>02</strong>-<strong>01</strong><br />
49