sqs-dg-2009-02-01
Erfolgreiche ePaper selbst erstellen
Machen Sie aus Ihren PDF Publikationen ein blätterbares Flipbook mit unserer einzigartigen Google optimierten e-Paper Software.
Amazon Simple Queue Service Developer Guide
Shared Queues
Shared Queues
Topics
• Simple API for Shared Queues (p. 29)
• Advanced API for Shared Queues (p. 29)
• Understanding Permissions (p. 29)
• Granting Anonymous Access to a Queue (p. 30)
Amazon SQS includes methods to share your queues so others can use them, using permissions set in
an access control policy. A permission gives access to another person to use your queue in some particular
way. A policy is the actual document that contains the permissions you've granted.
Amazon SQS offers two methods for setting a policy: a simple API and an advanced API. In the simple
API, SQS generates an access control policy for you. In the advanced API, you create the access control
policy.
Simple API for Shared Queues
The simple API for sharing a queue has two operations:
• AddPermission
• RemovePermission
With the Simple API, Amazon SQS writes the policy in the required language for you based on the
information you include in the AddPermission operation. However, the policy that Amazon SQS generates
is limited in scope. You can grant permissions to principals, but you can't specify restrictions.
Advanced API for Shared Queues
With the advanced API, you write the policy yourself directly in the access policy language and upload
the policy with the SetQueueAttributes operation. The advanced API allows you to deny access or to
apply finer access restrictions (for example, based on time or based on IP address).
If you choose to write your own policies, you need to understand how policies are structured. For complete
reference information about policies, see Using The Access Policy Language (p. 32). For examples of
policies, see Amazon SQS Policy Examples (p. 57).
Understanding Permissions
A permission is the type of access you give to a principal (the user receiving the permission). You give
each permission a label that identifies that permission. If you want to delete that permission in the future,
you use that label to identify the permission. If you want to see what permissions are on a queue, use
the GetQueueAttributes operation. Amazon SQS returns the entire policy (containing all the permissions).
Amazon SQS supports the permission types shown in the following table.
Permission
*
ReceiveMessage
Description
This permission type grants the following actions to a principal on a shared
queue: receive messages, send messages, delete messages, change a
message's visibility, get a queue's attributes.
This grants permission to receive messages in the queue.
API Version 2009-02-01
29