AWS
4 weeks subscription
4 weeks subscription
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Amazon Simple Queue Service Developer Guide<br />
Amazon SQS Policy Examples<br />
}<br />
"Statement":<br />
{<br />
"Sid":"Queue1_AnonymousAccess_AllActions_WhitelistIP",<br />
"Effect": "Allow",<br />
"Principal": {<br />
"<strong>AWS</strong>": "*"<br />
},<br />
"Action": "sqs:*",<br />
"Resource": "/987654321098/queue1",<br />
"Condition" : {<br />
"IpAddress" : {<br />
"aws:SourceIp":"192.168.143.0/24"<br />
}<br />
}<br />
}<br />
The following example policy has two statements:<br />
• One that gives all users in the 192.168.143.0/24 range (except for 192.168.143.188) permission to use<br />
the SendMessage action for the queue named 987654321098/queue1.<br />
• One that blacklists all users in the 10.1.2.0/24 range from using the queue.<br />
{<br />
"Version": "2008-10-17",<br />
"Id": "Queue1_Policy_UUID",<br />
"Statement": [<br />
{<br />
"Sid":"Queue1_AnonymousAccess_SendMessage_IPLimit",<br />
"Effect": "Allow",<br />
"Principal": {<br />
"<strong>AWS</strong>": "*"<br />
},<br />
"Action": "sqs:SendMessage",<br />
"Resource": "/987654321098/queue1",<br />
"Condition" : {<br />
"IpAddress" : {<br />
"aws:SourceIp":"192.168.143.0/24"<br />
},<br />
"NotIpAddress" : {<br />
"aws:SourceIp":"192.168.143.188/32"<br />
}<br />
}<br />
},<br />
{<br />
"Sid":"Queue1_AnonymousAccess_AllActions_IPLimit_Deny",<br />
"Effect": "Deny",<br />
"Principal": {<br />
"<strong>AWS</strong>": "*"<br />
},<br />
"Action": "sqs:*",<br />
"Resource": "/987654321098/queue1",<br />
"Condition" : {<br />
"IpAddress" : {<br />
"aws:SourceIp":"10.1.2.0/24"<br />
}<br />
API Version 2009-02-01<br />
59