sqs-dg-2009-02-01
Erfolgreiche ePaper selbst erstellen
Machen Sie aus Ihren PDF Publikationen ein blätterbares Flipbook mit unserer einzigartigen Google optimierten e-Paper Software.
Amazon Simple Queue Service Developer Guide
Amazon SQS Actions
Example
Following is an ARN for a queue named my_queue in the us-east-1 region, belonging to AWS Account
123456789012.
arn:aws:sqs:us-east-1:123456789012:my_queue
Example
If you had a queue named my_queue in each of the different Regions that Amazon SQS supports, you
could specify the queues with the following ARN.
arn:aws:sqs:*:123456789012:my_queue
You can use * and ? wildcards in the queue name. For example, the following could refer to all the queues
Bob has created, which he has prefixed with bob_.
arn:aws:sqs:*:123456789012:bob_*
As a convenience to you, SQS has a queue attribute called Arn whose value is the queue's ARN. You
can get the value by calling the SQS GetQueueAttributes action.
Amazon SQS Actions
All Amazon SQS actions that you specify in a policy must be prefixed with the lowercase string sqs:.
For example, sqs:CreateQueue.
Before the introduction of AWS IAM, you could use an SQS policy with a queue to specify which AWS
Accounts have access to the queue.You could also specify the type of access (e.g., sqs:SendMessage,
sqs:ReceiveMessage, etc.). The specific actions you could grant permission for were a subset of the
overall set of SQS actions. When you wrote an SQS policy and specified * to mean "all the SQS actions",
that meant all actions in that subset. That subset originally included:
• sqs:SendMessage
• sqs:ReceiveMessage
• sqs:ChangeMessageVisibility
• sqs:DeleteMessage
• sqs:GetQueueAttributes (for all attributes except Policy)
With the introduction of AWS IAM, that list of actions expanded to include the following actions:
• sqs:CreateQueue
• sqs:DeleteQueue
• sqs:ListQueues
The actions related to granting and removing permissions from a queue (sqs:AddPermission, etc.)
are reserved and so don't appear in the preceding two lists. This means that Users in the AWS Account
can't use those actions. However, the AWS Account can use those actions.
API Version 2009-02-01
67