Amazon Simple Queue Service Developer Guide
IAM-Related Features of SQS Policies
subset of the overall list of SQS actions. When you write an SQS policy and specify * to mean "all the
SQS actions", that means all actions in that subset.
The following diagram illustrates the concept of one of these basic SQS policies that covers the subset
of actions. The policy is for queue_xyz, and it gives AWS Account 1 and AWS Account 2 permission to
use any of the allowed actions with the queue. Notice that the resource in the policy is specified as
123456789012/queue_xyz (where 123456789012 is the AWS Account ID of the account that owns the
queue).
With the introduction of AWS IAM and the concepts of Users and Amazon Resource Names (ARNs), a
few things have changed about SQS policies. The following diagram and table describe the changes.
In addition to specifying which AWS Accounts have access to the queue, you can specify which
Users in your own AWS Account have access to the queue.
The Users can't be in another AWS Account.
The subset of actions included in "*" has expanded (for a list of allowed actions, see Amazon
SQS Actions (p. 67)).
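As an added example (not from the AWS guide), the following Python check reads a queue policy and reports Users that belong to an account other than the queue owner, plus any wildcard action whose scope depends on the allowed-action subset. The JSON policy layout, the IAM user ARN form, and every account ID and name other than 123456789012 and queue_xyz are assumptions or constructed sample values.

```python
import json
import re

# Constructed sample policy (not from the guide); the JSON layout is assumed.
# Account IDs other than 123456789012 and both user names are made up.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2008-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": ["111122223333",
                          "arn:aws:iam::123456789012:user/alice",
                          "arn:aws:iam::444455556666:user/bob"]},
    "Action": "SQS:*",
    "Resource": "/123456789012/queue_xyz"
  }]
}
""")

# Assumed IAM user ARN form: arn:aws:iam::<account-id>:user/<name>
USER_ARN = re.compile(r"^arn:aws:iam::(\d{12}):user/.+$")

def owner_of(resource):
    """Return the owner account ID from '<account>/<queue>' or an SQS ARN."""
    m = re.search(r"(?:^/?|:)(\d{12})[/:][^/:]+$", resource)
    if not m:
        raise ValueError(f"no owner account in resource {resource!r}")
    return m.group(1)

def as_list(value):
    return value if isinstance(value, list) else [value]

def review_policy(policy):
    """Return findings: Users outside the owning account, wildcard actions."""
    findings = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        owner = owner_of(as_list(stmt["Resource"])[0])
        principal = stmt.get("Principal", {})
        aws = as_list(principal.get("AWS", [])) if isinstance(principal, dict) else []
        for p in aws:
            m = USER_ARN.match(p)
            if m and m.group(1) != owner:  # a User from a different account
                findings.append((i, "foreign-user", p))
        for action in as_list(stmt.get("Action", [])):
            if action.split(":")[-1] == "*":  # "*" expands to the allowed subset
                findings.append((i, "wildcard-action", action))
    return findings
```

Bare account IDs such as 111122223333 are treated as account-level grants and are not flagged; only User ARNs are compared against the queue owner.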
API Version 2009-02-01