sqs-dg-2009-02-01
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Amazon Simple Queue Service Developer Guide<br />
IAM-Related Features of SQS Policies<br />
Controlling User Access to Your<br />
AWS Account<br />
Topics<br />
• IAM-Related Features of SQS Policies (p. 62)<br />
• AWS IAM and SQS Policies Together (p. 64)<br />
• Amazon SQS ARNs (p. 66)<br />
• Amazon SQS Actions (p. 67)<br />
• Amazon SQS Keys (p. 68)<br />
• Example AWS IAM Policies for Amazon SQS (p. 68)<br />
• Using Temporary Security Credentials (p. 70)<br />
Amazon SQS has its own resource-based permissions system that uses policies written in the same<br />
language used for AWS Identity and Access Management (AWS IAM) policies. This means that you can<br />
achieve the same things with SQS policies that you can with AWS IAM policies. The main difference<br />
between using SQS policies versus AWS IAM policies is that you can grant another AWS Account<br />
permission to your queues with an SQS policy, and you can't do that with an AWS IAM policy.<br />
Note<br />
When you grant other AWS accounts access to your AWS resources, be aware that all AWS<br />
accounts can delegate their permissions to users under their accounts. This is known as<br />
cross-account access. Cross-account access enables you to share access to your AWS resources<br />
without having to manage additional users. For information about using cross-account access,<br />
go to Enabling Cross-Account Access in Using AWS Identity and Access Management.<br />
This section describes how the SQS policy system works with AWS IAM.<br />
IAM-Related Features of SQS Policies<br />
You can use an SQS policy with a queue to specify which AWS Accounts have access to the queue.You<br />
can specify the type of access and conditions (e.g., permission to use SendMessage, ReceiveMessage,<br />
if the request is before December 31, 2<strong>01</strong>0). The specific actions you can grant permission for are a<br />
API Version <strong>2009</strong>-<strong>02</strong>-<strong>01</strong><br />
62