|« PreviousNext »|
|Did this page help you? Yes | No | Tell us about it...|
An identifier associated with your Secret Access Key. Used for request authentication. For more information, see Your AWS Identifiers.
The action is the activity the principal has permission to perform. The action is B in the statement "A
has permission to do B to C where D applies." The action is just the operation in the request
to SQS. For example, Jane sends a request to Amazon SQS with
Action=ReceiveMessage. For more information, see Shared Queues.
The conditions are any restrictions or details about the permission. The condition is D in the statement "A has permission to do B to C where D applies." Following are some of the common types of conditions:
The issuer is the person who writes a policy to grant permissions to a resource. The issuer (by definition) is always the resource owner. AWS does not permit SQS users to create policies for resources they don't own. If John is the resource owner, AWS authenticates John's identity when he submits the policy he's written to grant permissions for that resource.
An identifier you get when you send a message to the queue.
A permission allows or disallows access to a particular resource. You can state any permission like this: "A has permission to do B to C where D applies." For example, Jane (A) has permission to read messages (B) from John's Amazon SQS queue (C), as long as she asks to receive only a maximum of 10 messages from the queue at a time (D). Whenever Jane sends a request to Amazon SQS to use John's queue, the service checks to see if she has permission and if the request satisfies the conditions John set forth in the permission. For more information, see Shared Queues.
The principal is the person or persons who receive the permission in the policy. The principal is A in the statement "A has permission to do B to C where D applies." In a policy, you may set the principal to "anyone" (i.e., you can specify a wildcard to represent all people). You might do this, for example, if you don't want to restrict access based on the actual identity of the requester, but instead on some other identifying characteristic such as the requester's IP address.
The URL uniquely identifying a queue.
A policy is the formal description of the permissions for a resource. The Access Policy Language distinguishes between a policy and a statement. A policy is the complete document that can contain many different permissions for a given resource. A statement is the description of an individual permission. Therefore a policy can contain multiple statements. For example, a policy could specify that Jane can use John's queue (one statement), and Bob cannot use John's queue (another statement).
This is a type of HTTP request that generally uses only the GET or POST HTTP method and a query string with parameters.
An identifier you get when you receive a message from the queue. You must provide this identifier when deleting a message from the queue or when changing a message's visibility timeout.
The requester is the person who sends a request to an AWS service and asks for access to a particular resource. The requester sends a request to AWS that essentially says: "Can A do B to C where D applies?" In this question, the requester is A.
The resource is the object the principal is requesting access to. The resource is C in the statement "A has permission to do B to C where D applies."
A key that Amazon Web Services (AWS) assigns to you when you sign up for an AWS account. Used for request authentication. For more information, see Your AWS Account.
The length of time (in seconds) that a message that has been received from a queue will be invisible to other receiving components when they ask to receive messages. During the visibility timeout, the component that received the message usually processes the message and then deletes it from the queue. For more information, see Visibility Timeout.