Using custom policies with the Amazon SQS Access Policy Language

If you want to allow Amazon SQS access based only on an AWS account ID and basic permissions (such as for SendMessage or ReceiveMessage), you don't need to write your own policies. You can just use the Amazon SQS AddPermission action.

If you want to explicitly deny or allow access based on more specific conditions (such as the time the request comes in or the IP address of the requester), you need to write your own Amazon SQS policies and upload them to the AWS system using the Amazon SQS SetQueueAttributes action.

Topics

Amazon SQS access control architecture
Amazon SQS access control process workflow
Amazon SQS Access Policy Language key concepts
Amazon SQS Access Policy Language evaluation logic
Relationships between explicit and default denials in the Amazon SQS Access Policy Language
Limitations of Amazon SQS custom policies
Custom Amazon SQS Access Policy Language examples

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Basic Amazon SQS policy examples

Access control architecture