sqs-dg-2009-02-01
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Amazon Simple Queue Service Developer Guide
Evaluation Logic
If someone sends a request from Antarctica, the condition is met, and the policy's result is therefore an
explicit deny.
The distinction between a default deny and an explicit deny is important because a default deny can be
overridden by an allow, but an explicit deny can't. For example, let's say there's another policy that allows
requests if they arrive on June 1, 2010. How does this policy affect the overall outcome when coupled
with the policy restricting access from Antarctica? We'll compare the overall outcome when coupling the
date-based policy (we'll call Policy B) with the preceding policies A1 and A2. Scenario 1 couples Policy
A1 with Policy B, and Scenario 2 couples Policy A2 with Policy B. The following figure and discussion
show the results when a request comes in from Antarctica on June 1, 2010.
API Version 2009-02-01
41