sqs-dg-2009-02-01

More documents

Recommendations

Info

Amazon Simple Queue Service Developer GuideExample AWS IAM Policies for Amazon SQSExample 2: Allow developers to write messages to a shared test queueIn this example, we create a group for developers and attach a policy that lets the group use the AmazonSQS SendMessage action, but only with the AWS Account's queue named CompanyTestQueue.{}"Statement":[{"Effect":"Allow","Action":"sqs:SendMessage","Resource":"arn:aws:sqs:*:123456789012:CompanyTestQueue"}]Example 3: Allow managers to get the general size of queuesIn this example, we create a group for managers and attach a policy that lets the group use the AmazonSQS GetQueueAttributes action with all of the AWS Account's queues.{}"Statement":[{"Effect":"Allow","Action":"sqs:GetQueueAttributes","Resource":"*"}]API Version 2009-02-0169
Amazon Simple Queue Service Developer GuideUsing Temporary Security CredentialsExample 4: Allow a partner to send messages to a particular queueYou could do this with an SQS policy or an AWS IAM policy. Using an SQS policy might be easier if thepartner has an AWS Account. However, anyone in the partner's company who possesses the AWSAccount credentials could send messages to the queue (and not just a particular User). We'll assumeyou want to limit access to a particular person (or application), so you need to treat the partner like a Userwithin your own company, and use a AWS IAM policy instead of an SQS policy.In this example, we create a group called WidgetCo that represents the partner company, then create aUser for the specific person (or application) at the partner company who needs access, and then put theUser in the group.We then attach a policy that gives the group SendMessage access on the specific queue namedWidgetPartnerQueue.We also want to prevent the WidgetCo group from doing anything else with queues, so we add a statementthat denies permission to any Amazon SQS actions besides SendMessage on any queue besidesWidgetPartnerQueue. This is only necessary if there's a broad policy elsewhere in the system that givesUsers wide access to Amazon SQS.{}"Statement":[{"Effect":"Allow","Action":"sqs:SendMessage","Resource":"arn:aws:sqs:*:123456789012:WidgetPartnerQueue"},{"Effect":"Deny","NotAction":"sqs:SendMessage","NotResource":"arn:aws:sqs:*:123456789012:WidgetPartnerQueue"}]Using Temporary Security CredentialsIn addition to creating IAM users with their own security credentials, IAM also enables you to granttemporary security credentials to any user allowing this user to access your AWS services and resources.You can manage users who have AWS accounts; these users are IAM users.You can also manage usersfor your system who do not have AWS accounts; these users are called federated users. Additionally,"users" can also be applications that you create to access your AWS resources.You can use these temporary security credentials in making requests to Amazon SQS. The API librariescompute the necessary signature value using those credentials to authenticate your request. If you sendrequests using expired credentials Amazon SQS denies the request.For more information about IAM support for temporary security credentials, go to Granting TemporaryAccess to Your AWS Resources in Using IAM.Example Using Temporary Security Credentials to Authenticate an Amazon SQS RequestThe following example demonstrates how to obtain temporary security credentials to authenticate anAmazon SQS request.API Version 2009-02-0170
Page 1 and 2:
Amazon Simple Queue ServiceDevelope
Page 3 and 4:
Amazon Simple Queue Service Develop
Page 5 and 6:
Page 7 and 8:
Page 9 and 10:
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
Page 21 and 22: Amazon Simple Queue Service Develop
Page 71: Amazon Simple Queue Service Develop
show all

sqs-dg-2009-02-01

Create successful ePaper yourself

Delete template?

Save as template?