Menu
Amazon Simple Queue Service
API Reference (API Version 2012-11-05)

AddPermission

Adds a permission to a queue for a specific principal. This allows sharing access to the queue.

When you create a queue, you have full control access rights for the queue. Only you, the owner of the queue, can grant or deny permissions to the queue. For more information about these permissions, see Allow Developers to Write Messages to a Shared Queue in the Amazon Simple Queue Service Developer Guide.

Note

AddPermission writes an Amazon-SQS-generated policy. If you want to write your own policy, use SetQueueAttributes to upload your policy. For more information about writing your own policy, see Using Custom Policies with the Amazon SQS Access Policy Language in the Amazon Simple Queue Service Developer Guide.

An Amazon SQS policy can have a maximum of 7 actions.

Some actions take lists of parameters. These lists are specified using the param.n notation. Values of n are integers starting from 1. For example, a parameter list with two elements looks like this:

&Attribute.1=first

&Attribute.2=second

Note

Cross-account permissions don't apply to this action. For more information, see see Grant Cross-Account Permissions to a Role and a User Name in the Amazon Simple Queue Service Developer Guide.

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

ActionName.N

The action the client wants to allow for the specified principal. Valid values: the name of any action or *.

For more information about these actions, see Overview of Managing Access Permissions to Your Amazon Simple Queue Service Resource in the Amazon Simple Queue Service Developer Guide.

Specifying SendMessage, DeleteMessage, or ChangeMessageVisibility for ActionName.n also grants permissions for the corresponding batch versions of those actions: SendMessageBatch, DeleteMessageBatch, and ChangeMessageVisibilityBatch.

Type: Array of strings

Required: Yes

AWSAccountId.N

The AWS account number of the principal who is given permission. The principal must have an AWS account, but does not need to be signed up for Amazon SQS. For information about locating the AWS account identification, see Your AWS Identifiers in the Amazon Simple Queue Service Developer Guide.

Type: Array of strings

Required: Yes

Label

The unique identification of the permission you're setting (for example, AliceSendMessage). Maximum 80 characters. Allowed characters include alphanumeric characters, hyphens (-), and underscores (_).

Type: String

Required: Yes

QueueUrl

The URL of the Amazon SQS queue to which permissions are added.

Queue URLs and names are case-sensitive.

Type: String

Required: Yes

Errors

For information about the errors that are common to all actions, see Common Errors.

OverLimit

The specified action violates a limit. For example, ReceiveMessage returns this error if the maximum number of inflight messages is reached and AddPermission returns this error if the maximum number of permissions for the queue is reached.

HTTP Status Code: 403

Example

The following example query request grants a SendMessage permission to the principal whose AWS account number is 125074342641. The structure of AUTHPARAMS depends on the signature of the API request. For more information, see Examples of Signed Signature Version 4 Requests in the Amazon Web Services General Reference.

Sample Request

https://sqs.us-east-2.amazonaws.com/123456789012/MyQueue/ ?Action=AddPermission &Label=MyLabel &AWSAccountId.1=125074342641 &ActionName.1=SendMessage &AWSAccountId.2=125074342642 &ActionName.2=ReceiveMessage &Expires=2020-04-18T22%3A52%3A43PST &Version=2012-11-05 &AUTHPARAMS

Sample Response

<AddPermissionResponse> <ResponseMetadata> <RequestId>9a285199-c8d6-47c2-bdb2-314cb47d599d</RequestId> </ResponseMetadata> </AddPermissionResponse>

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: