Using custom policies with the Amazon SQS Access Policy Language

If you want to allow Amazon SQS access based only on an Amazon Web Services account ID and basic permissions (such as for SendMessage or ReceiveMessage), you don't need to write your own policies. You can just use the Amazon SQS AddPermission action.

If you want to explicitly deny or allow access based on more specific conditions (such as the time the request comes in or the IP address of the requester), you need to write your own Amazon SQS policies and upload them to the Amazon system using the Amazon SQS SetQueueAttributes action.

Topics

Amazon SQS access control architecture
Amazon SQS access control process workflow
Amazon SQS Access Policy Language key concepts
Amazon SQS Access Policy Language evaluation logic
Relationships between explicit and default denials in the Amazon SQS Access Policy Language
Limitations of Custom Policies
Custom Amazon SQS Access Policy Language examples

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Basic Amazon SQS policy examples

Access control architecture