AWS
4 weeks subscription
4 weeks subscription
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Amazon Simple Queue Service Developer Guide<br />
Amazon SQS Actions<br />
Example<br />
Following is an ARN for a queue named my_queue in the us-east-1 region, belonging to <strong>AWS</strong> Account<br />
123456789012.<br />
arn:aws:sqs:us-east-1:123456789012:my_queue<br />
Example<br />
If you had a queue named my_queue in each of the different Regions that Amazon SQS supports, you<br />
could specify the queues with the following ARN.<br />
arn:aws:sqs:*:123456789012:my_queue<br />
You can use * and ? wildcards in the queue name. For example, the following could refer to all the queues<br />
Bob has created, which he has prefixed with bob_.<br />
arn:aws:sqs:*:123456789012:bob_*<br />
As a convenience to you, SQS has a queue attribute called Arn whose value is the queue's ARN. You<br />
can get the value by calling the SQS GetQueueAttributes action.<br />
Amazon SQS Actions<br />
All Amazon SQS actions that you specify in a policy must be prefixed with the lowercase string sqs:.<br />
For example, sqs:CreateQueue.<br />
Before the introduction of <strong>AWS</strong> IAM, you could use an SQS policy with a queue to specify which <strong>AWS</strong><br />
Accounts have access to the queue.You could also specify the type of access (e.g., sqs:SendMessage,<br />
sqs:ReceiveMessage, etc.). The specific actions you could grant permission for were a subset of the<br />
overall set of SQS actions. When you wrote an SQS policy and specified * to mean "all the SQS actions",<br />
that meant all actions in that subset. That subset originally included:<br />
• sqs:SendMessage<br />
• sqs:ReceiveMessage<br />
• sqs:ChangeMessageVisibility<br />
• sqs:DeleteMessage<br />
• sqs:GetQueueAttributes (for all attributes except Policy)<br />
With the introduction of <strong>AWS</strong> IAM, that list of actions expanded to include the following actions:<br />
• sqs:CreateQueue<br />
• sqs:DeleteQueue<br />
• sqs:ListQueues<br />
The actions related to granting and removing permissions from a queue (sqs:AddPermission, etc.)<br />
are reserved and so don't appear in the preceding two lists. This means that Users in the <strong>AWS</strong> Account<br />
can't use those actions. However, the <strong>AWS</strong> Account can use those actions.<br />
API Version 2009-02-01<br />
67