QueueGrants
- class aws_cdk.aws_sqs.QueueGrants(*args: Any, **kwargs)
Bases:
objectCollection of grant methods for a IQueueRef.
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_sqs as sqs from aws_cdk.interfaces import aws_sqs as interfaces_sqs # queue_ref: interfaces_sqs.IQueueRef queue_grants = sqs.QueueGrants.from_queue(queue_ref)
Methods
- actions(grantee, actions, *, key_actions=None, resource_arns=None)
Grant the given identity custom permissions.
- Parameters:
grantee (
IGrantable)actions (
Sequence[str])key_actions (
Optional[Sequence[str]]) – The KMS key actions to grant permissions for. Default: - No permission is added to the KMS key, even if it existsresource_arns (
Optional[Sequence[str]]) – The ARNs of the resources to grant permissions on. Default: - The ARN of the resource associated with the grant is used.
- Return type:
- consume_messages(grantee)
Grant permissions to consume messages from a queue.
This will grant the following permissions:
sqs:ChangeMessageVisibility
sqs:DeleteMessage
sqs:ReceiveMessage
sqs:GetQueueAttributes
sqs:GetQueueUrl
If encryption is used, permission to use the key to decrypt the contents of the queue will also be granted to the same principal.
This will grant the following KMS permissions:
kms:Decrypt
- Parameters:
grantee (
IGrantable)- Return type:
- purge(grantee)
Grants purge permissions.
- Parameters:
grantee (
IGrantable)- Return type:
- send_messages(grantee)
Grant access to send messages to a queue to the given identity.
This will grant the following permissions:
sqs:SendMessage
sqs:GetQueueAttributes
sqs:GetQueueUrl
If encryption is used, permission to use the key to encrypt/decrypt the contents of the queue will also be granted to the same principal.
This will grant the following KMS permissions:
kms:Decrypt
kms:Encrypt
kms:ReEncrypt*
kms:GenerateDataKey*
- Parameters:
grantee (
IGrantable)- Return type:
Static Methods