Amazon SQS Access Policy Language key concepts - Amazon Simple Queue Service
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Amazon SQS Access Policy Language key concepts

To write your own policies, you must be familiar with JSON and a number of key concepts.


The result of a Statement that has Effect set to allow.


The activity that the Principal has permission to perform, typically a request to Amazon.


The result of a Statement that has no Allow or Explicit-deny settings.


Any restriction or detail about a Permission. Typical conditions are related to date and time and IP addresses.


The result that you want the Statement of a Policy to return at evaluation time. You specify the deny or allow value when you write the policy statement. There can be three possible results at policy evaluation time: Default-deny, Allow, and Explicit-deny.


The result of a Statement that has Effect set to deny.


The process that Amazon SQS uses to determine whether an incoming request should be denied or allowed based on a Policy.


The user who writes a Policy to grant permissions to a resource. The issuer, by definition is always the resource owner. Amazon doesn't permit Amazon SQS users to create policies for resources they don't own.


The specific characteristic that is the basis for access restriction.


The concept of allowing or disallowing access to a resource using a Condition and a Key.


The document that acts as a container for one or more statements.

Policy A containing statement 1 and statement 2 is equivalent to policy A that contains statement 1, and Policy B that contains statement 2.

Amazon SQS uses the policy to determine whether to grant access to a user for a resource.


The user who receives Permission in the Policy.


The object that the Principal requests access to.


The formal description of a single permission, written in the access policy language as part of a broader Policy document.


The user who sends a request for access to a Resource.