
Basic Policy Structure

Each policy is a JSON document. As illustrated in the following figure, a policy includes:

Each statement includes the core information about a single permission. If a policy includes multiple statements, we apply a logical OR across the statements at evaluation time. If multiple policies are applicable to a request, we apply a logical OR across the policies at evaluation time.

General policy structure

The information in a statement is contained within a series of elements. For information about these elements, see Element Descriptions.

Example

The following simple policy allows an AWS developer with account ID 1234-5678-9012 to send and read from the Amazon SQS queue named queue2 (owned by the developer with account ID 9876-5432-1000), given that the request comes from the 10.52.176.0/24 address range, and the request comes in before noon on June 30, 2009 (UTC).

{   
   "Version":"2008-10-17",
   "Id":"cd3ad3d9-2776-4ef1-a904-4c229d1642ee",
   "Statement" : [
      {
         "Sid":"1", 
         "Effect":"Allow",           
         "Principal" : {
            "aws": "123456789012"
         },
         "Action":["sqs:SendMessage","sqs:ReceiveMessage"], 
         "Resource": "/987654321000/queue2",
         "Condition" : {
            "IpAddress" : {
               "aws:SourceIp":"10.52.176.0/24"
            },
            "DateLessThan" : {
               "aws:CurrentTime":"2009-06-30T12:00Z"
            }
         }   
      }
   ]
}
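
The sketch below is an added example, not code from the original page or from AWS. It evaluates the example policy the way the text describes: every element of a statement must match, and a logical OR is applied across statements and across policies. The request dict layout and all function names are assumptions of the example, and it handles only Allow statements and the two condition types shown above.

```python
import ipaddress
from datetime import datetime, timezone

# The page's example policy (Id omitted), as a Python dict.
POLICY = {"Version": "2008-10-17", "Statement": [{
    "Sid": "1", "Effect": "Allow",
    "Principal": {"aws": "123456789012"},
    "Action": ["sqs:SendMessage", "sqs:ReceiveMessage"],
    "Resource": "/987654321000/queue2",
    "Condition": {
        "IpAddress": {"aws:SourceIp": "10.52.176.0/24"},
        "DateLessThan": {"aws:CurrentTime": "2009-06-30T12:00Z"},
    },
}]}

# Constructed sample request; this dict layout is an assumption of the example.
REQUEST = {"principal": "123456789012", "action": "sqs:SendMessage",
           "resource": "/987654321000/queue2",
           "context": {"aws:SourceIp": "10.52.176.17",
                       "aws:CurrentTime": "2009-06-30T11:59Z"}}

def _parse_time(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%MZ").replace(tzinfo=timezone.utc)

def _condition_holds(op, key, expected, ctx):
    if key not in ctx:
        return False  # missing request attribute: fail closed
    if op == "IpAddress":
        return ipaddress.ip_address(ctx[key]) in ipaddress.ip_network(expected)
    if op == "DateLessThan":
        return _parse_time(ctx[key]) < _parse_time(expected)
    return False  # condition type not handled here: fail closed

def statement_allows(stmt, req):
    """All elements of one statement must match (conditions are ANDed)."""
    if stmt.get("Effect") != "Allow":
        return False
    if (req["principal"] != stmt["Principal"]["aws"]
            or req["action"] not in stmt["Action"]
            or req["resource"] != stmt["Resource"]):
        return False
    return all(_condition_holds(op, key, expected, req["context"])
               for op, block in stmt.get("Condition", {}).items()
               for key, expected in block.items())

def is_allowed(policies, req):
    """Logical OR across statements and across applicable policies."""
    return any(statement_allows(s, req) for p in policies for s in p["Statement"])
```

Unknown condition types and missing request attributes evaluate to no match, so a policy this sketch cannot fully interpret never grants access.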