sqs-dg-2009-02-01
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Amazon Simple Queue Service Developer Guide<br />
Element Descriptions<br />
NotAction<br />
The NotAction element is useful if you want to make an exception to a list of actions. You could use<br />
this, for example, if you want your users to be able to use only the SQS SendMessage.<br />
The following example refers to all actions other than the SQS SendMessage. You would use this in a<br />
policy with "Effect":"Deny" to keep users from accessing any other actions.<br />
"NotAction":"<strong>sqs</strong>:SendMessage"<br />
Resource<br />
The Resource is the object or objects the policy covers. The value can include a multi-character match<br />
wildcard (*) or a single-character match wildcard (?) anywhere in the string. The values are free-form,<br />
but must follow the format the AWS service expects. For example, for Amazon SQS, you specify a queue<br />
in the following format: //. For example:<br />
/987654321<strong>01</strong>2/queue1.<br />
"Resource":"/987654321000/queue2"<br />
Condition<br />
This section describes the Condition element and the information you can use inside the element.<br />
The Condition Block<br />
The Condition element is the most complex part of the policy statement. We refer to it as the condition<br />
block, because although it has a single Condition element, it can contain multiple conditions, and each<br />
condition can contain multiple key-value pairs. The following figure illustrates this. Unless otherwise<br />
specified for a particular key, all keys can have multiple values.<br />
When creating a condition block, you specify the name of each condition, and at least one key-value pair<br />
for each condition. AWS defines the conditions and keys you can use (they're listed in the subsequent<br />
sections). An example of a condition is NumericEquals. Let's say you have a fictional resource, and<br />
you want to let John use it only if some particular numeric value foo equals either A or B, and another<br />
numeric value bar equals C. Then you would create a condition block that looks like the following figure.<br />
API Version <strong>2009</strong>-<strong>02</strong>-<strong>01</strong><br />
50