sqs-dg-2009-02-01
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Amazon Simple Queue Service Developer Guide
Basic Use Cases for Access Control
Use Case 1
Let's say you have a set of queues in the Amazon SQS system. In the simplest case, you want to allow
one or more AWS accounts a particular type of access to a queue (e.g., SendMessage, ReceiveMessage).
You can do this by simply using the Amazon SQS API action AddPermission. It takes a few input
parameters and automatically creates a policy in the SQS system for that queue. For this use case, you
don't need to read this appendix or learn how to write a policy yourself, because SQS can automatically
create the policy for you.
The following example shows a policy that gives AWS account ID 1234-5678-9012 permission to send
and receive from a queue you own named queue2. In this example, your AWS account ID is
9876-5432-1000.
{
}
"Version":"2008-10-17",
"Id":"UseCase1",
"Statement" : [
{
"Sid":"1",
"Effect":"Allow",
"Principal" : {
"AWS": "123456789012"
},
"Action":["sqs:SendMessage","sqs:ReceiveMessage"],
"Resource": "/987654321000/queue2",
}
]
Use Case 2
In this use case, you want to allow one or more AWS accounts access to your queues only for a specific
time period.
You need to know how to write your own policy for the queue because the SQS AddPermission action
doesn't let you specify a time restriction when granting someone access to your queue. In this case, you
would write your own policy and then upload it to the AWS system with the SetQueueAttributes action.
Effectively the action sets your policy as an attribute of the queue.
The following example is the same as in use case 1, except it also includes a condition that restricts
access to before June 30, 2009, at noon (UTC).
{
"Version":"2008-10-17",
"Id":"UseCase2",
"Statement" : [
{
"Sid":"1",
"Effect":"Allow",
"Principal" : {
"AWS": "123456789012"
},
"Action":["sqs:SendMessage","sqs:ReceiveMessage"],
"Resource": "/987654321000/queue2",
"Condition" : {
API Version 2009-02-01
43