Amazon Simple Queue Service
API Reference (API Version 2012-11-05)


Adds a permission to a queue for a specific principal. This allows sharing access to the queue.

When you create a queue, you have full control access rights for the queue. Only you, the owner of the queue, can grant or deny permissions to the queue. For more information about these permissions, see Shared Queues in the Amazon SQS Developer Guide.


AddPermission writes an Amazon-SQS-generated policy. If you want to write your own policy, use SetQueueAttributes to upload your policy. For more information about writing your own policy, see Using The Access Policy Language in the Amazon SQS Developer Guide.

Some actions take lists of parameters. These lists are specified using the param.n notation. Values of n are integers starting from 1. For example, a parameter list with two elements looks like this:



Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.


The action the client wants to allow for the specified principal. The following values are valid:

  • *

  • ChangeMessageVisibility

  • DeleteMessage

  • GetQueueAttributes

  • GetQueueUrl

  • ReceiveMessage

  • SendMessage

For more information about these actions, see Understanding Permissions in the Amazon SQS Developer Guide.

Specifying SendMessage, DeleteMessage, or ChangeMessageVisibility for ActionName.n also grants permissions for the corresponding batch versions of those actions: SendMessageBatch, DeleteMessageBatch, and ChangeMessageVisibilityBatch.

Type: Array of strings

Required: Yes


The AWS account number of the principal who is given permission. The principal must have an AWS account, but does not need to be signed up for Amazon SQS. For information about locating the AWS account identification, see Your AWS Identifiers in the Amazon SQS Developer Guide.

Type: Array of strings

Required: Yes


The unique identification of the permission you're setting (for example, AliceSendMessage). Maximum 80 characters. Allowed characters include alphanumeric characters, hyphens (-), and underscores (_).

Type: String

Required: Yes


The URL of the Amazon SQS queue to which permissions are added.

Queue URLs are case-sensitive.

Type: String

Required: Yes


For information about the errors that are common to all actions, see Common Errors.


The action that you requested would violate a limit. For example, ReceiveMessage returns this error if the maximum number of inflight messages is reached. AddPermission returns this error if the maximum number of permissions for the queue is reached.

HTTP Status Code: 403


The following example query request grants a SendMessage permission to the principal whose AWS account number is 125074342641. How you structure the AUTHPARAMS depends on how you are signing your API request. For information about AUTHPARAMS in Signature Version 4, see Examples of Signed Signature Version 4 Requests in the Amazon Web Services General Reference.

Sample Request

Copy ?Action=AddPermission &Label=testLabel &AWSAccountId.1=125074342641 &ActionName.1=SendMessage &AWSAccountId.2=125074342642 &ActionName.2=ReceiveMessage &Version=2012-11-05 &Expires=2012-04-18T22%3A52%3A43PST &AUTHPARAMS

Sample Response

<AddPermissionResponse> <ResponseMetadata> <RequestId> 9a285199-c8d6-47c2-bdb2-314cb47d599d </RequestId> </ResponseMetadata> </AddPermissionResponse>

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: