sqs-dg-2009-02-01
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Amazon Simple Queue Service Developer Guide<br />
IAM-Related Features of SQS Policies<br />
subset of the overall list of SQS actions. When you write an SQS policy and specify * to mean "all the<br />
SQS actions", that means all actions in that subset.<br />
The following diagram illustrates the concept of one of these basic SQS policies that covers the subset<br />
of actions. The policy is for queue_xyz, and it gives AWS Account 1 and AWS Account 2 permission to<br />
use any of the allowed actions with the queue. Notice that the resource in the policy is specified as<br />
123456789<strong>01</strong>2/queue_xyz (where 123456789<strong>01</strong>2 is the AWS Account ID of the account that owns the<br />
queue).<br />
With the introduction of AWS IAM and the concepts of Users and Amazon Resource Names (ARNs), a<br />
few things have changed about SQS policies. The following diagram and table describe the changes.<br />
In addition to specifying which AWS Accounts have access to the queue, you can specify which<br />
Users in your own AWS Account have access to the queue.<br />
The Users can't be in another AWS Account.<br />
The subset of actions included in "*" has expanded (for a list of allowed actions, see Amazon<br />
SQS Actions (p. 67)).<br />
API Version <strong>2009</strong>-<strong>02</strong>-<strong>01</strong><br />
63