Using custom policies with the Amazon SQS Access Policy Language

To grant basic permissions (such as SendMessage or ReceiveMessage) based only on an AWS account ID, you don’t need to write a custom policy. Instead, use the Amazon SQS AddPermission action.

To allow or deny access based on specific conditions, such as request time or the requester's IP address, you must create a custom Amazon SQS policy and upload it using the SetQueueAttributes action.

Topics

Access control architecture
Access control process workflow
Access Policy Language key concepts
Access Policy Language evaluation logic
Relationships between explicit and default denials
Custom policy limitations
Custom Access Policy Language examples

Document Conventions

Basic Amazon SQS policy examples

Access control architecture