# Amazon SNS access control architecture overview
<a name="sns-access-policy-language-architectural-overview"></a>

The following figure and table describe the main components that interact to provide access control for your resources.

![The flow of access control within an Amazon Web Services service. It shows how you, as the resource owner, manage your resources (such as Amazon SQS queues) through policies. These policies are evaluated by the Amazon service's access policy language evaluation code to determine whether incoming requests from requesters should be granted or denied access to the resources. The diagram includes numbered elements that correspond to the resource owner, resources, policies, incoming requests, and evaluation logic.](http://docs.amazonaws.cn/en_us/sns/latest/dg/images/AccessPolicyLanguage_Arch_Overview.gif)



|  |  | 
| --- |--- |
| 1 | You, the resource owner. | 
| 2 | Your resources (contained within the Amazon service; for example, Amazon SQS queues). | 
| 3 | Your policies.<br />Typically you have one policy per resource, although you could have multiple. The Amazon service itself provides an API you use to upload and manage your policies. | 
| 4 | Requesters and their incoming requests to the Amazon service. | 
| 5 | The access policy language evaluation code.<br />This is the set of code within the Amazon service that evaluates incoming requests against the applicable policies and determines whether the requester is allowed access to the resource. For information about how the service makes the decision, see [Evaluation logic](sns-access-policy-language-evaluation-logic.md). |