sqs-dg-2009-02-01

More documents

Recommendations

Info

Amazon Simple Queue Service Developer Guide Element Descriptions "Effect":"Allow" Principal The Principal is the person or persons who receive or are denied permission according to the policy. You must specify the principal by using the principal's AWS account ID (e.g., 1234-5678-9012, with or without the hyphens). You can specify multiple principals, or a wildcard (*) to indicate all possible users. You can view your account ID by logging in to your AWS account at http://aws.amazon.com and clicking Account Activity. In JSON, you use "AWS": as a prefix for the principal's AWS account ID. In the following example, two principals are included in the statement. "Principal":[ "AWS": "123456789012", "AWS": "999999999999" ] NotPrincipal The NotPrincipal element is useful if you want to make an exception to a list of principals. You could use this, for example, if you want to prevent all AWS accounts except a certain one. The Principal is the person or persons who receive or are denied permission according to the policy. You must specify the principal by using the principal's AWS account ID (e.g., 1234-5678-9012, with or without the hyphens). You can specify multiple principals, or a wildcard (*) to indicate all possible users. You can view your account ID by logging in to your AWS account at http://aws.amazon.com and clicking Account Activity. In JSON, you use "AWS": as a prefix for the principal's AWS account ID. In the following example, two principals are included in the statement. "Principal":[ "AWS": "123456789012", "AWS": "999999999999" ] Action The Action is the specific type or types of access allowed or denied (for example, read or write). You can specify multiple values for this element. The values are free-form but must match values the AWS service expects (for more information, see Special Information for SQS Policies (p. 61)). You can use a wildcard (*) to give the principal access to all the actions the specific AWS service lets you share with other developers. For example, Amazon SQS lets you share only a particular subset of all the possible SQS actions. So, using the wildcard doesn't give someone full control of the queue; it only gives access to that particular subset of actions. "Action":["sqs:SendMessage","sqs:ReceiveMessage"] The prefix and the action name are case insensitive. For example, sqs:SendMessage is equivalent to SQS:sendmessage. API Version 2009-02-01 49
Amazon Simple Queue Service Developer Guide Element Descriptions NotAction The NotAction element is useful if you want to make an exception to a list of actions. You could use this, for example, if you want your users to be able to use only the SQS SendMessage. The following example refers to all actions other than the SQS SendMessage. You would use this in a policy with "Effect":"Deny" to keep users from accessing any other actions. "NotAction":"sqs:SendMessage" Resource The Resource is the object or objects the policy covers. The value can include a multi-character match wildcard (*) or a single-character match wildcard (?) anywhere in the string. The values are free-form, but must follow the format the AWS service expects. For example, for Amazon SQS, you specify a queue in the following format: //. For example: /987654321012/queue1. "Resource":"/987654321000/queue2" Condition This section describes the Condition element and the information you can use inside the element. The Condition Block The Condition element is the most complex part of the policy statement. We refer to it as the condition block, because although it has a single Condition element, it can contain multiple conditions, and each condition can contain multiple key-value pairs. The following figure illustrates this. Unless otherwise specified for a particular key, all keys can have multiple values. When creating a condition block, you specify the name of each condition, and at least one key-value pair for each condition. AWS defines the conditions and keys you can use (they're listed in the subsequent sections). An example of a condition is NumericEquals. Let's say you have a fictional resource, and you want to let John use it only if some particular numeric value foo equals either A or B, and another numeric value bar equals C. Then you would create a condition block that looks like the following figure. API Version 2009-02-01 50
Page 1 and 2: Amazon Simple Queue Service Develop
Page 51: Amazon Simple Queue Service Develop

sqs-dg-2009-02-01

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?