29.07.2020 Views

sqs-dg-2009-02-01


Amazon Simple Queue Service Developer Guide

Amazon SQS Policy Examples

"Statement":
{
  "Sid": "Queue1_AnonymousAccess_AllActions_WhitelistIP",
  "Effect": "Allow",
  "Principal": {
    "AWS": "*"
  },
  "Action": "sqs:*",
  "Resource": "/987654321098/queue1",
  "Condition": {
    "IpAddress": {
      "aws:SourceIp": "192.168.143.0/24"
    }
  }
}
}

The following example policy has two statements:

• One that gives all users in the 192.168.143.0/24 range (except for 192.168.143.188) permission to use the SendMessage action for the queue named 987654321098/queue1.

• One that blacklists all users in the 10.1.2.0/24 range from using the queue.

{
  "Version": "2008-10-17",
  "Id": "Queue1_Policy_UUID",
  "Statement": [
    {
      "Sid": "Queue1_AnonymousAccess_SendMessage_IPLimit",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "sqs:SendMessage",
      "Resource": "/987654321098/queue1",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "192.168.143.0/24"
        },
        "NotIpAddress": {
          "aws:SourceIp": "192.168.143.188/32"
        }
      }
    },
    {
      "Sid": "Queue1_AnonymousAccess_AllActions_IPLimit_Deny",
      "Effect": "Deny",
      "Principal": {
        "AWS": "*"
      },
      "Action": "sqs:*",
      "Resource": "/987654321098/queue1",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "10.1.2.0/24"
        }
      }
    }
  ]
}
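How the two statements combine for different source addresses, as an added example that is not part of the original guide: a small evaluator that applies the usual AWS rules (all condition operators in a statement must hold, an explicit Deny overrides any Allow, and a request that matches nothing is denied by default). It assumes the single queue and the `"AWS": "*"` principal from the policy above, so `Principal` and `Resource` are not checked; the function names and test addresses are constructed for illustration.

```python
import ipaddress

# The two statements from the policy above, reduced to the fields evaluated here.
POLICY = [
    {"Sid": "Queue1_AnonymousAccess_SendMessage_IPLimit", "Effect": "Allow",
     "Action": "sqs:SendMessage",
     "Condition": {"IpAddress": {"aws:SourceIp": "192.168.143.0/24"},
                   "NotIpAddress": {"aws:SourceIp": "192.168.143.188/32"}}},
    {"Sid": "Queue1_AnonymousAccess_AllActions_IPLimit_Deny", "Effect": "Deny",
     "Action": "sqs:*",
     "Condition": {"IpAddress": {"aws:SourceIp": "10.1.2.0/24"}}},
]

def action_matches(pattern, action):
    # Only the two forms used in the policy: an exact name or a trailing "*".
    if pattern.endswith("*"):
        return action.startswith(pattern[:-1])
    return pattern == action

def condition_matches(condition, source_ip):
    # Every operator block must hold (logical AND) for the statement to apply.
    ip = ipaddress.ip_address(source_ip)
    for operator, keys in condition.items():
        if operator not in ("IpAddress", "NotIpAddress"):
            raise ValueError("unsupported operator: " + operator)
        in_range = ip in ipaddress.ip_network(keys["aws:SourceIp"])
        if in_range != (operator == "IpAddress"):
            return False
    return True

def evaluate(policy, action, source_ip):
    """Return (decision, sid): explicit Deny wins, then Allow, else default deny."""
    allowed_by = None
    for stmt in policy:
        if not (action_matches(stmt["Action"], action)
                and condition_matches(stmt.get("Condition", {}), source_ip)):
            continue
        if stmt["Effect"] == "Deny":
            return ("explicit-deny", stmt["Sid"])
        allowed_by = allowed_by or stmt["Sid"]
    if allowed_by:
        return ("allow", allowed_by)
    return ("default-deny", None)

if __name__ == "__main__":
    # Constructed sample addresses: in range, the excluded host, the denied range, unrelated.
    for ip in ("192.168.143.7", "192.168.143.188", "10.1.2.9", "203.0.113.5"):
        print(ip, evaluate(POLICY, "sqs:SendMessage", ip))
```

Note that 192.168.143.188 ends in a default deny, not an explicit one: the `NotIpAddress` block only stops the Allow statement from applying, so another statement that allowed that address would still take effect, whereas nothing can re-allow the 10.1.2.0/24 range.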

API Version 2009-02-01
