Basic Policy Structure

Each policy is a JSON document. As illustrated in the following figure, a policy includes:

Each statement includes the core information about a single permission. If a policy includes multiple statements, we apply a logical OR across the statements at evaluation time. If multiple policies are applicable to a request, we apply a logical OR across the policies at evaluation time.

General policy structure

The information in a statement is contained within a series of elements. For information about these elements, see Element Descriptions.

Example

The following simple policy allows an AWS developer with account ID 1234-5678-9012 to send messages to and read messages from the Amazon SQS queue named queue2 (owned by the developer with account ID 9876-5432-1000), provided that the request comes from the 10.52.176.0/24 address range and arrives before noon on June 30, 2009 (UTC).

{   
   "Version":"2008-10-17",
   "Id":"cd3ad3d9-2776-4ef1-a904-4c229d1642ee",
   "Statement" : [
      {
         "Sid":"1", 
         "Effect":"Allow",           
         "Principal" : {
            "AWS": "123456789012"
         },
         "Action":["SQS:SendMessage","SQS:ReceiveMessage"], 
         "Resource": "/987654321000/queue2",
         "Condition" : {
            "IpAddress" : {
               "AWS:SourceIp":"10.52.176.0/24"
            },
            "DateLessThan" : {
               "AWS:CurrentTime":"2009-06-30T12:00Z"
            }
         }   
      }
   ]
}
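
The evaluation described above can be sketched as follows. This is an added example, not code from AWS or from the original page: it evaluates the example policy against constructed requests, applying a logical OR across statements and policies and requiring every condition in a statement to hold. The request dictionary shape and the helper names are hypothetical, matching is by exact string comparison, and only Allow statements and the two condition types used in the example are modelled.

```python
import ipaddress
from datetime import datetime, timezone

# The page's example policy (Version and Id omitted; they do not affect evaluation).
POLICY = {"Statement": [{
    "Sid": "1", "Effect": "Allow",
    "Principal": {"AWS": "123456789012"},
    "Action": ["SQS:SendMessage", "SQS:ReceiveMessage"],
    "Resource": "/987654321000/queue2",
    "Condition": {
        "IpAddress": {"AWS:SourceIp": "10.52.176.0/24"},
        "DateLessThan": {"AWS:CurrentTime": "2009-06-30T12:00Z"}}}]}

def _parse_time(value):
    # Policy timestamps such as 2009-06-30T12:00Z are UTC.
    return datetime.strptime(value, "%Y-%m-%dT%H:%MZ").replace(tzinfo=timezone.utc)

# Condition type -> test(policy value, request value); only the two types used above.
CONDITIONS = {
    "IpAddress": lambda want, got: ipaddress.ip_address(got) in ipaddress.ip_network(want),
    "DateLessThan": lambda want, got: got < _parse_time(want),
}

def statement_allows(stmt, request):
    """True only if every element of the statement matches the request."""
    if stmt["Effect"] != "Allow":
        return False
    if request["principal"] != stmt["Principal"]["AWS"]:
        return False
    if request["action"] not in stmt["Action"] or request["resource"] != stmt["Resource"]:
        return False
    # All condition blocks must hold (the example requires both IP range and time).
    for ctype, keys in stmt.get("Condition", {}).items():
        for key, want in keys.items():
            if key not in request["context"] or not CONDITIONS[ctype](want, request["context"][key]):
                return False
    return True

def is_allowed(policies, request):
    """Logical OR across policies and across the statements in each policy."""
    return any(statement_allows(s, request) for p in policies for s in p["Statement"])

def make_request(ip, when, action="SQS:SendMessage", principal="123456789012"):
    # Constructed request shape (hypothetical field names, not an AWS format).
    return {"principal": principal, "action": action, "resource": "/987654321000/queue2",
            "context": {"AWS:SourceIp": ip, "AWS:CurrentTime": when}}
```

A request missing a condition key is treated as not matching, so a statement with conditions never allows a request whose source address or time is unknown.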