sqs-dg-2009-02-01
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Amazon Simple Queue Service Developer Guide
IAM-Related Features of SQS Policies
Controlling User Access to Your
AWS Account
Topics
• IAM-Related Features of SQS Policies (p. 62)
• AWS IAM and SQS Policies Together (p. 64)
• Amazon SQS ARNs (p. 66)
• Amazon SQS Actions (p. 67)
• Amazon SQS Keys (p. 68)
• Example AWS IAM Policies for Amazon SQS (p. 68)
• Using Temporary Security Credentials (p. 70)
Amazon SQS has its own resource-based permissions system that uses policies written in the same
language used for AWS Identity and Access Management (AWS IAM) policies. This means that you can
achieve the same things with SQS policies that you can with AWS IAM policies. The main difference
between using SQS policies versus AWS IAM policies is that you can grant another AWS Account
permission to your queues with an SQS policy, and you can't do that with an AWS IAM policy.
Note
When you grant other AWS accounts access to your AWS resources, be aware that all AWS
accounts can delegate their permissions to users under their accounts. This is known as
cross-account access. Cross-account access enables you to share access to your AWS resources
without having to manage additional users. For information about using cross-account access,
go to Enabling Cross-Account Access in Using AWS Identity and Access Management.
This section describes how the SQS policy system works with AWS IAM.
IAM-Related Features of SQS Policies
You can use an SQS policy with a queue to specify which AWS Accounts have access to the queue.You
can specify the type of access and conditions (e.g., permission to use SendMessage, ReceiveMessage,
if the request is before December 31, 2010). The specific actions you can grant permission for are a
API Version 2009-02-01
62