sqs-dg-2009-02-01

Amazon Simple Queue Service Developer Guide
Using the Access Policy Language
Using the Access Policy Language
The following figure and table describe the general process of how access control works with the access
policy language.
Process for Using Access Control with the Access Policy Language
1
2
3
4
5
6
You write a policy for your resource.
For example, you write a policy to specify permissions for your Amazon SQS queues. For more
information, see How to Write a Policy (p. 46).
You upload your policy to AWS.
The AWS service itself provides an API you use to upload your policies. For example, you use
the Amazon SQS SetQueueAttributes action to upload a policy for a particular Amazon SQS
queue.
Someone sends a request to use your resource.
For example, a user sends a request to SQS to use one of your queues.
The AWS service determines which policies are applicable to the request.
For example, SQS looks at all the available SQS policies and determines which ones are applicable
(based on what the resource is, who the requester is, etc.).
The AWS service evaluates the policies.
For example, SQS evaluates the policies and determines if the requester is allowed to use your
queue or not. For information about the decision logic, see Evaluation Logic (p. 39).
The AWS service either denies the request or continues to process it.
For example, based on the policy evaluation result, the service either returns an "Access denied"
error to the requester or continues to process the request.
Related Topics
• Architectural Overview (p. 36)
API Version 2009-02-01
38