sqs-dg-2009-02-01

More documents

Recommendations

Info

Amazon Simple Queue Service Developer GuideAWS IAM and SQS Policies TogetherIt's up to you how you use both of the systems together to manage your permissions, based on yourneeds. The following examples show how the two policy systems work together.Example 1In this example, Bob has both an AWS IAM policy and an SQS policy that apply to him. The AWS IAMpolicy gives him permission to use ReceiveMessage on queue_xyz, whereas the SQS policy gives himpermission to use SendMessage on the same queue. The following diagram illustrates the concept.If Bob were to send a request to receive a message from queue_xyz, the AWS IAM policy would allowthe action. If Bob were to send a request to send a message to queue_xyz, the SQS policy would allowthe action.API Version 2009-02-0165
Amazon Simple Queue Service Developer GuideAmazon SQS ARNsExample 2In this example, we build on example 1 (where Bob has two policies that apply to him). Let's say that Bobabuses his access to queue_xyz, so you want to remove his entire access to that queue. The easiestthing to do is add a policy that denies him access to all actions on the queue. This third policy overridesthe other two, because an explicit deny always overrides an allow (for more information about policyevaluation logic, see Evaluation Logic (p. 39)). The following diagram illustrates the concept.Alternatively, you could add an additional statement to the SQS policy that denies Bob any type of accessto the queue. It would have the same effect as adding a AWS IAM policy that denies him access to thequeue.For examples of policies that cover Amazon SQS actions and resources, see Example AWS IAM Policiesfor Amazon SQS (p. 68). For more information about writing SQS policies, go to the Amazon SimpleQueue Service Developer Guide.Amazon SQS ARNsFor Amazon SQS, queues are the only resource type you can specify in a policy. Following is the AmazonResource Name (ARN) format for queues:arn:aws:sqs:region:account_ID:queue_nameFor more information about ARNs, go to ARNs in Using Identity and Access Management.API Version 2009-02-0166
Page 1 and 2:
Amazon Simple Queue ServiceDevelope
Page 3 and 4:
Amazon Simple Queue Service Develop
Page 5 and 6:
Page 7 and 8:
Page 9 and 10:
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Page 17 and 18: Amazon Simple Queue Service Develop
Page 67: Amazon Simple Queue Service Develop
show all

sqs-dg-2009-02-01

Create successful ePaper yourself

Delete template?

Save as template?