AddPermission

Description

The AddPermission action adds a permission to a queue for a specific principal. This allows for sharing access to the queue.

When you create a queue, you have full control access rights for the queue. Only you (as owner of the queue) can grant or deny permissions to the queue. For more information about these permissions, see Shared Queues.

Note

AddPermission writes an SQS-generated policy. If you want to write your own policy, use SetQueueAttributes to upload your policy. For more information about writing your own policy, see Appendix: The Access Policy Language.

Request Parameters

The following table lists the special request parameters the AddPermission action uses in addition to the common parameters all actions use (for more information, see Request Parameters Common to All Actions).

Programming Note

Some API operations take lists of parameters. These lists are specified using the param.n notation. Values of n are integers starting from 1. Use this notation for Query requests. For SOAP requests, add another element for each additional parameter value. For example, in Query a parameter list looks like this:

&Attribute.1=this
&Attribute.2=that

In SOAP, a parameter list looks like this:

<Attribute>this</Attribute>
<Attribute>that</Attribute>

Name | Description | Required

Label

The unique identification of the permission you're setting.

Type: String (example: AliceSendMessage)

Constraints: Maximum 80 characters; alphanumeric characters, hyphens (-), and underscores (_) are allowed.

Default: None

Required: Yes

AWSAccountId.n

The AWS account number of the principal who will be given permission. The principal must have an AWS account, but does not need to be signed up for Amazon SQS. For information about locating the AWS account identification, see Your AWS Identifiers.

Type: String

Constraints: Valid 12-digit AWS account number, without hyphens

Default: None

Required: Yes

ActionName.n

The action you want to allow for the specified principal. For more information about these actions, see Understanding Permissions.

Type: String

Valid values: * | SendMessage | ReceiveMessage | DeleteMessage | ChangeMessageVisibility | GetQueueAttributes

Default: None

Required: Yes
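The following Python code is an added example, not part of the original AWS documentation: it checks the Label, AWSAccountId.n and ActionName.n constraints from the table above before building the action-specific Query parameters in param.n notation. The function names and the allow_wildcard opt-in are assumptions made for this example; the common parameters and request signing are left out.

```python
import re
from urllib.parse import urlencode

# Constraints copied from the parameter table on this page.
LABEL_RE = re.compile(r"[A-Za-z0-9_-]{1,80}")
ACCOUNT_RE = re.compile(r"[0-9]{12}")
VALID_ACTIONS = {"*", "SendMessage", "ReceiveMessage", "DeleteMessage",
                 "ChangeMessageVisibility", "GetQueueAttributes"}


def build_add_permission_params(label, account_ids, actions, allow_wildcard=False):
    """Return the AddPermission-specific Query parameters as an ordered list
    of (name, value) string pairs, or raise ValueError on a violated constraint.
    Common parameters (Version, signature fields, ...) are not added here."""
    if not LABEL_RE.fullmatch(label):
        raise ValueError("Label: 1-80 characters of [A-Za-z0-9_-]")
    if not account_ids or not actions:
        raise ValueError("AWSAccountId.n and ActionName.n are both required")
    for acct in account_ids:
        if not ACCOUNT_RE.fullmatch(acct):
            raise ValueError(f"AWSAccountId {acct!r}: need 12 digits, no hyphens")
    for action in actions:
        if action not in VALID_ACTIONS:
            raise ValueError(f"ActionName {action!r} is not a valid value")
        if action == "*" and not allow_wildcard:
            # A wildcard grant is broader than a named action (assumed policy
            # for this example): require an explicit opt-in from the caller.
            raise ValueError("ActionName '*' requires allow_wildcard=True")
    params = [("Action", "AddPermission"), ("Label", label)]
    # param.n notation: n is an integer starting from 1.
    params += [(f"AWSAccountId.{n}", a) for n, a in enumerate(account_ids, 1)]
    params += [(f"ActionName.{n}", a) for n, a in enumerate(actions, 1)]
    return params


def to_query_string(params):
    """URL-encode the pairs in order, as they appear in a Query request."""
    return urlencode(params)


if __name__ == "__main__":
    # Values taken from the sample request on this page.
    pairs = build_add_permission_params(
        "testLabel", ["125074342641", "125074342642"],
        ["SendMessage", "ReceiveMessage"])
    print(to_query_string(pairs))
```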

Response Elements

The AddPermission response only returns metadata. For more information, see Structure of a Successful Response.

Examples

The following example Query request grants a SendMessage permission to the principal whose AWS account number is 125074342641.

Sample Request

http://queue.amazonaws.com/123456789012/testQueue/
?Action=AddPermission
&Label=testLabel
&AWSAccountId.1=125074342641
&ActionName.1=SendMessage
&AWSAccountId.2=125074342642
&ActionName.2=ReceiveMessage
&Version=2009-02-01
&SignatureMethod=HmacSHA256
&Expires=2009-04-18T22%3A52%3A43PST
&AWSAccessKeyId=0GS7553JW74RRM612K02EXAMPLE
&SignatureVersion=2
&Signature=Dqlp3Sd6ljTUA9Uf6SGtEExwUQEXAMPLE

Sample Response

<AddPermissionResponse>
    <ResponseMetadata>
        <RequestId>
            9a285199-c8d6-47c2-bdb2-314cb47d599d
        </RequestId>
    </ResponseMetadata>
</AddPermissionResponse>

Related Actions