AWS

More documents

Recommendations

Info

Amazon Simple Queue Service Developer Guide Special Information for SQS Policies Special Information for SQS Policies The following list gives information specific to the SQS implementation of access control. • SQS allows you to share only certain types of permissions (for more information, see Understanding Permissions (p. 29)) • Each policy must cover only a single queue (when writing a policy, don't include statements that cover different queues) • Each policy must have a unique policy ID (Id) • Each statement in a policy must have a unique statement ID (sid) • SQS does not implement any special keys to use when you write conditions; the only keys available are the general AWS-wide keys. The following table lists the maximum limits for policy information. Name Bytes Statements Principals Conditions Maximum Limit 8192 20 50 10 API Version 2009-02-01 61
Amazon Simple Queue Service Developer Guide IAM-Related Features of SQS Policies Controlling User Access to Your AWS Account Topics • IAM-Related Features of SQS Policies (p. 62) • AWS IAM and SQS Policies Together (p. 64) • Amazon SQS ARNs (p. 66) • Amazon SQS Actions (p. 67) • Amazon SQS Keys (p. 68) • Example AWS IAM Policies for Amazon SQS (p. 68) • Using Temporary Security Credentials (p. 70) Amazon SQS has its own resource-based permissions system that uses policies written in the same language used for AWS Identity and Access Management (AWS IAM) policies. This means that you can achieve the same things with SQS policies that you can with AWS IAM policies. The main difference between using SQS policies versus AWS IAM policies is that you can grant another AWS Account permission to your queues with an SQS policy, and you can't do that with an AWS IAM policy. Note When you grant other AWS accounts access to your AWS resources, be aware that all AWS accounts can delegate their permissions to users under their accounts. This is known as cross-account access. Cross-account access enables you to share access to your AWS resources without having to manage additional users. For information about using cross-account access, go to Enabling Cross-Account Access in Using AWS Identity and Access Management. This section describes how the SQS policy system works with AWS IAM. IAM-Related Features of SQS Policies You can use an SQS policy with a queue to specify which AWS Accounts have access to the queue.You can specify the type of access and conditions (e.g., permission to use SendMessage, ReceiveMessage, if the request is before December 31, 2010). The specific actions you can grant permission for are a API Version 2009-02-01 62
Page 1 and 2:
Amazon Simple Queue Service Develop
Page 3 and 4:
Page 5 and 6:
Page 7 and 8:
Page 9 and 10:
Page 11 and 12:
Page 13 and 14: Amazon Simple Queue Service Develop
Page 63: Amazon Simple Queue Service Develop
Page 115 and 116:
Page 117 and 118:
Page 119 and 120:
Page 121 and 122:
Page 123 and 124:
Page 125 and 126:
Page 127 and 128:
Page 129 and 130:
Page 131 and 132:
Page 133 and 134:
Page 135 and 136:
Page 137 and 138:
Page 139 and 140:
Page 141 and 142:
Page 143 and 144:
Page 145 and 146:
Page 147 and 148:
Page 149 and 150:
Page 151 and 152:
Page 153 and 154:
Page 155 and 156:
Page 157 and 158:
Page 159 and 160:
Page 161 and 162:
Page 163 and 164:
show all

AWS

Create successful ePaper yourself

Delete template?

Save as template?