Using custom policies with the Amazon SQS Access Policy Language

To grant basic permissions (such as SendMessage or ReceiveMessage) based only on an Amazon Web Services account ID, you don’t need to write a custom policy. Instead, use the Amazon SQS AddPermission action.

To allow or deny access based on specific conditions, such as request time or the requester's IP address, you must create a custom Amazon SQS policy and upload it using the SetQueueAttributes action.

Topics

Access control architecture
Access control process workflow
Access Policy Language key concepts
Access Policy Language evaluation logic
Relationships between explicit and default denials
Custom policy limitations
Custom Access Policy Language examples

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Basic Amazon SQS policy examples

Access control architecture