Amazon SQS API permissions: Actions and resource reference
When you set up Access control and write permissions policies that you can attach to an IAM identity, you can use the following table as a reference. The table lists each Amazon Simple Queue Service action, the corresponding actions for which you can grant permissions to perform the action, and the Amazon resource for which you can grant the permissions.
Specify the actions in the policy's Action
field, and the
resource value in the policy's Resource
field. To specify an
action, use the sqs:
prefix followed by the action name (for
example, sqs:CreateQueue
).
Currently, Amazon SQS supports the global condition context keys available in IAM.
If you see an expand arrow (↗) in the upper-right corner of the table, you can open the table in a new window. To close the window, choose the close button (X) in the lower-right corner.
Amazon SQS actions | Required permissions | Resource |
---|---|---|
sqs:AddPermission |
|
|
sqs:CancelMessageMoveTask |
arn:aws-cn:sqs: |
|
sqs:ReceiveMessage |
||
sqs:DeleteMessage |
||
sqs:GetQueueAttributes |
||
sqs:ChangeMessageVisibility |
arn:aws-cn:sqs: |
|
sqs:CreateQueue |
arn:aws-cn:sqs: |
|
sqs:DeleteMessage |
arn:aws-cn:sqs: |
|
sqs:DeleteQueue |
arn:aws-cn:sqs: |
|
sqs:GetQueueAttributes |
arn:aws-cn:sqs: |
|
sqs:GetQueueUrl |
arn:aws-cn:sqs: |
|
sqs:ListDeadLetterSourceQueues |
arn:aws-cn:sqs: |
|
sqs:ListMessageMoveTasks |
arn:aws-cn:sqs: |
|
sqs:GetQueueAttributes |
||
sqs:ListQueues |
arn:aws-cn:sqs: |
|
sqs:ListQueueTags |
arn:aws-cn:sqs: |
|
sqs:PurgeQueue |
arn:aws-cn:sqs: |
|
sqs:ReceiveMessage |
arn:aws-cn:sqs: |
|
sqs:RemovePermission |
arn:aws-cn:sqs: |
|
sqs:SendMessage |
arn:aws-cn:sqs: |
|
sqs:SetQueueAttributes |
arn:aws-cn:sqs: |
|
sqs:StartMessageMoveTask |
arn:aws-cn:sqs: |
|
sqs:ReceiveMessage |
||
sqs:DeleteMessage |
||
sqs:GetQueueAttributes |
||
sqs:SendMessage |
arn:aws-cn:sqs: |
|
sqs:TagQueue |
arn:aws-cn:sqs: |
|
sqs:UntagQueue |
arn:aws-cn:sqs: |