# AddPermission Adds a permission to a queue for a specific [principal](https://docs.amazonaws.cn/general/latest/gr/glos-chap.html#P). This allows sharing access to the queue. When you create a queue, you have full control access rights for the queue. Only you, the owner of the queue, can grant or deny permissions to the queue. For more information about these permissions, see [Allow Developers to Write Messages to a Shared Queue](https://docs.amazonaws.cn/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-writing-an-sqs-policy.html#write-messages-to-shared-queue) in the *Amazon SQS Developer Guide*. **Note** `AddPermission` generates a policy for you. You can use ` SetQueueAttributes ` to upload your policy. For more information, see [Using Custom Policies with the Amazon SQS Access Policy Language](https://docs.amazonaws.cn/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-creating-custom-policies.html) in the *Amazon SQS Developer Guide*. An Amazon SQS policy can have a maximum of seven actions per statement. To remove the ability to change queue permissions, you must deny permission to the `AddPermission`, `RemovePermission`, and `SetQueueAttributes` actions in your IAM policy. Amazon SQS `AddPermission` does not support adding a non-account principal. **Note** Cross-account permissions don't apply to this action. For more information, see [Grant cross-account permissions to a role and a username](https://docs.amazonaws.cn/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-customer-managed-policy-examples.html#grant-cross-account-permissions-to-role-and-user-name) in the *Amazon SQS Developer Guide*. ## Request Syntax ``` { "Actions": [ "string" ], "AWSAccountIds": [ "string" ], "Label": "string", "QueueUrl": "string" } ``` ## Request Parameters For information about the parameters that are common to all actions, see [Common Parameters](CommonParameters.md). The request accepts the following data in JSON format. ** [Actions](#API_AddPermission_RequestSyntax) ** The action the client wants to allow for the specified principal. Valid values: the name of any action or `*`. For more information about these actions, see [Overview of Managing Access Permissions to Your Amazon Simple Queue Service Resource](https://docs.amazonaws.cn/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-overview-of-managing-access.html) in the *Amazon SQS Developer Guide*. Specifying `SendMessage`, `DeleteMessage`, or `ChangeMessageVisibility` for `ActionName.n` also grants permissions for the corresponding batch versions of those actions: `SendMessageBatch`, `DeleteMessageBatch`, and `ChangeMessageVisibilityBatch`. Type: Array of strings Required: Yes ** [AWSAccountIds](#API_AddPermission_RequestSyntax) ** The Amazon Web Services account numbers of the [principals](https://docs.amazonaws.cn/general/latest/gr/glos-chap.html#P) who are to receive permission. For information about locating the Amazon Web Services account identification, see [Your Amazon Identifiers](https://docs.amazonaws.cn/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-making-api-requests.html#sqs-api-request-authentication) in the *Amazon SQS Developer Guide*. Type: Array of strings Required: Yes ** [Label](#API_AddPermission_RequestSyntax) ** The unique identification of the permission you're setting (for example, `AliceSendMessage`). Maximum 80 characters. Allowed characters include alphanumeric characters, hyphens (`-`), and underscores (`_`). Type: String Required: Yes ** [QueueUrl](#API_AddPermission_RequestSyntax) ** The URL of the Amazon SQS queue to which permissions are added. Queue URLs and names are case-sensitive. Type: String Required: Yes ## Response Elements If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body. ## Errors For information about the errors that are common to all actions, see [Common Errors](CommonErrors.md). ** InvalidAddress ** The specified ID is invalid. HTTP Status Code: 400 ** InvalidSecurity ** The request was not made over HTTPS or did not use SigV4 for signing. HTTP Status Code: 400 ** OverLimit ** The specified action violates a limit. For example, `ReceiveMessage` returns this error if the maximum number of in flight messages is reached and `AddPermission` returns this error if the maximum number of permissions for the queue is reached. HTTP Status Code: 400 ** QueueDoesNotExist ** Ensure that the `QueueUrl` is correct and that the queue has not been deleted. HTTP Status Code: 400 ** RequestThrottled ** The request was denied due to request throttling. + Exceeds the permitted request rate for the queue or for the recipient of the request. + Ensure that the request rate is within the Amazon SQS limits for sending messages. For more information, see [Amazon SQS quotas](https://docs.amazonaws.cn/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-quotas.html#quotas-requests) in the *Amazon SQS Developer Guide*. HTTP Status Code: 400 ** UnsupportedOperation ** Error code 400. Unsupported operation. HTTP Status Code: 400 ## Examples The following example query requests grant a ` SendMessage ` permission to the principal whose Amazon Web Services account number is 177715257436 and a ` ReceiveMessage ` permission to the principal whose Amazon Web Services account number is 111111111111. The structure of `AUTHPARAMS` depends on the signature of the API request. For more information, see [ Examples of Signed Signature Version 4 Requests](https://docs.amazonaws.cn/general/latest/gr/sigv4-signed-request-examples.html) in the * Amazon General Reference*. ### Example **Using Amazon JSON protocol (Default)** #### Sample Request ``` POST / HTTP/1.1 Host: sqs.us-east-1.amazonaws.com X-Amz-Target: AmazonSQS.AddPermission X-Amz-Date: Content-Type: application/x-amz-json-1.0 Authorization: Content-Length: Connection: Keep-Alive { "QueueUrl": "https://sqs.us-east-1.amazonaws.com/177715257436/MyQueue/", "Label": "MyLabel", "Actions": ["SendMessage", "ReceiveMessage"], "AWSAccountIds": ["177715257436", "111111111111"] } ``` #### Sample Response ``` HTTP/1.1 200 OK x-amzn-RequestId: Content-Length: 0 Date: Content-Type: application/x-amz-json-1.0 ``` ### Example **Using Amazon query protocol** #### Sample Request ``` POST /177715257436/MyQueue HTTP/1.1 Host: sqs.us-east-1.amazonaws.com X-Amz-Date: Content-Type: application/x-www-form-urlencoded Authorization: Content-Length: Connection: Keep-Alive Action=AddPermission &Label=MyLabel &AWSAccountId.1=177715257436 &ActionName.1=SendMessage &AWSAccountId.2=111111111111 &ActionName.2=ReceiveMessage ``` #### Sample Response ``` HTTP/1.1 200 OK b05e862e-c961-5213-bd8d-da5e6667b7d7 ``` ## See Also For more information about using this API in one of the language-specific Amazon SDKs, see the following: + [Amazon Command Line Interface V2](https://docs.amazonaws.cn/goto/cli2/sqs-2012-11-05/AddPermission) + [Amazon SDK for .NET V4](https://docs.amazonaws.cn/goto/DotNetSDKV4/sqs-2012-11-05/AddPermission) + [Amazon SDK for C\$1\$1](https://docs.amazonaws.cn/goto/SdkForCpp/sqs-2012-11-05/AddPermission) + [Amazon SDK for Go v2](https://docs.amazonaws.cn/goto/SdkForGoV2/sqs-2012-11-05/AddPermission) + [Amazon SDK for Java V2](https://docs.amazonaws.cn/goto/SdkForJavaV2/sqs-2012-11-05/AddPermission) + [Amazon SDK for JavaScript V3](https://docs.amazonaws.cn/goto/SdkForJavaScriptV3/sqs-2012-11-05/AddPermission) + [Amazon SDK for Kotlin](https://docs.amazonaws.cn/goto/SdkForKotlin/sqs-2012-11-05/AddPermission) + [Amazon SDK for PHP V3](https://docs.amazonaws.cn/goto/SdkForPHPV3/sqs-2012-11-05/AddPermission) + [Amazon SDK for Python](https://docs.amazonaws.cn/goto/boto3/sqs-2012-11-05/AddPermission) + [Amazon SDK for Ruby V3](https://docs.amazonaws.cn/goto/SdkForRubyV3/sqs-2012-11-05/AddPermission)