sqs-dg-2009-02-01
Amazon Simple Queue Service Developer Guide
Granting Anonymous Access to a Queue
Permission | Description
SendMessage | This grants permission to send messages to the queue.
DeleteMessage | This grants permission to delete messages from the queue.
ChangeMessageVisibility | This grants permission to extend or terminate the read lock timeout of a specified message. For more information about visibility timeout, see Visibility Timeout (p. 8). For more information about this permission type, see the ChangeMessageVisibility operation.
GetQueueAttributes | This grants permission to receive all of the queue attributes except the policy, which can only be accessed by the queue's owner. For more information, see the GetQueueAttributes operation.
Permissions for each of the different permission types are considered separate permissions by Amazon
SQS, even though * includes the access provided by the other permission types. For example, it is
possible to grant both * and SendMessage permissions to a user, even though a * includes the access
provided by SendMessage.
This concept applies when you remove a permission. If a principal has only a * permission, requesting
to remove a SendMessage permission does not leave the principal with an "everything but" permission.
Instead, the request does nothing, because the principal did not previously possess an explicit
SendMessage permission.
If you want to remove * and leave the principal with just the ReceiveMessage permission, first add the
ReceiveMessage permission, then remove the * permission.
Tip
You give each permission a label that identifies that permission. If you want to delete that
permission in the future, you use that label to identify the permission.
Note
If you want to see what permissions are on a queue, use the GetQueueAttributes operation. The
entire policy (containing all the permissions) is returned.
Granting Anonymous Access to a Queue
You can allow shared queue access to anonymous users. Such access requires no signature or Access
Key ID.
To allow anonymous access you must write your own policy, setting the Principal to *. For information
about writing your own policies, see Using The Access Policy Language (p. 32).
Caution
Keep in mind that the queue owner is responsible for all costs related to the queue. Therefore
you probably want to limit anonymous access in some other way (by time or IP address, for
example).
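The following added example (not part of the original guide) shows an anonymous-access policy with and without the limits the Caution recommends, and a small check that reports the statements left open. The element and condition key names follow the AWS access policy language; the account ID, queue name, resource string, IP range, date and the helper names are constructed placeholders.

```python
# Constructed sample policy: account ID, queue name, IP range and date are placeholders.
RESOURCE = "arn:aws:sqs:us-east-1:123456789012:example-queue"
POLICY = {
    "Version": "2008-10-17",
    "Statement": [
        {   # Anonymous send with no limit: anyone can enqueue at the owner's cost.
            "Sid": "AnonSendOpen",
            "Effect": "Allow",
            "Principal": {"AWS": "*"},
            "Action": "SQS:SendMessage",
            "Resource": RESOURCE,
        },
        {   # Anonymous send limited by source IP range and by expiry time.
            "Sid": "AnonSendLimited",
            "Effect": "Allow",
            "Principal": {"AWS": "*"},
            "Action": "SQS:SendMessage",
            "Resource": RESOURCE,
            "Condition": {
                "IpAddress": {"aws:SourceIp": "192.0.2.0/24"},
                "DateLessThan": {"aws:CurrentTime": "2030-01-01T00:00:00Z"},
            },
        },
    ],
}
# Condition keys treated as limiting anonymous access (heuristic: operator not checked).
LIMITING_KEYS = {"aws:sourceip", "aws:currenttime"}

def is_anonymous(principal):
    """True when the Principal element is * or lists * under AWS."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return "*" in (aws if isinstance(aws, list) else [aws])
    return False

def unrestricted_anonymous(policy):
    """Return the Sids of Allow statements open to anyone with no IP or time condition."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):   # a single statement may appear without a list
        statements = [statements]
    findings = []
    for st in statements:
        if st.get("Effect") != "Allow" or not is_anonymous(st.get("Principal")):
            continue
        keys = {k.lower() for cond in st.get("Condition", {}).values() for k in cond}
        if not keys & LIMITING_KEYS:
            findings.append(st.get("Sid", "<no Sid>"))
    return findings
```

Run against the policy returned by GetQueueAttributes, the check lists only the statements that grant anonymous access without an IP or time condition.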
API Version 2009-02-01