Amazon Simple Queue Service
API Reference (API Version 2011-10-01)
AWS Documentation » Amazon Simple Queue Service Documentation » API Reference Guide » Actions » AddPermission
Print this pageEmail this pageGo to the ForumsView the PDFShare this page on TwitterShare this page on FacebookBookmark this page on DeliciousSubmit this page to RedditSubmit this page to DiggDid this page help you?  Yes  No   Tell us about it...

AddPermission

Description

The AddPermission action adds a permission to a queue for a specific principal. This allows for sharing access to the queue.

When you create a queue, you have full control access rights for the queue. Only you (as owner of the queue) can grant or deny permissions to the queue. For more information about these permissions, see Shared Queues in the Amazon SQS Developer Guide.

[Note]Note

AddPermission writes an SQS-generated policy. If you want to write your own policy, use SetQueueAttributes to upload your policy. For more information about writing your own policy, see Appendix: The Access Policy Language in the Amazon SQS Developer Guide.

Request Parameters

The following table lists the special request parameters the AddPermission action uses in addition to the common parameters all actions use (for more information, see Common Query Parameters).

[Note]Note

Some API operations take lists of parameters. These lists are specified using the param.n notation. Values of n are integers starting from 1. For example, a parameter list with two elements looks like this:

&Attribute.1=this
&Attribute.2=that
NameDescriptionRequired

Label

The unique identification of the permission you're setting.

Type: String (example: AliceSendMessage)

Constraints: Maximum 80 characters; alphanumeric characters, hyphens (-), and underscores (_) are allowed.

Default: None

Yes

AWSAccountId.n

The AWS account number of the principal who will be given permission. The principal must have an AWS account, but does not need to be signed up for Amazon SQS. For information about locating the AWS account identification, see Your AWS Identifiers in the Amazon SQS Developer Guide.

Type: String

Constraints: Valid 12-digit AWS account number, without hyphens

Default: None

Yes

ActionName.n

The action you want to allow for the specified principal. For more information about these actions, see Understanding Permissions in the Amazon SQS Developer Guide.

Type: String

Valid values: * | SendMessage | ReceiveMessage | DeleteMessage | ChangeMessageVisibility | GetQueueAttributes | GetQueueUrl

Default: None

Yes

[Note]Note

Specifying SendMessage, DeleteMessage, or ChangeMessageVisibility for the ActionName.n also grants permissions for the corresponding batch versions of those actions: SendMessageBatch, DeleteMessageBatch, and ChangeMessageVisibilityBatch.

Response Elements

The AddPermission response only returns metadata. For more information, see Responses in the Amazon SQS Developer Guide.

Examples

The following example Query request grants a SendMessage permission to the principal whose AWS account number is 125074342641.

Sample Request

http://sqs.us-east-1.amazonaws.com/123456789012/testQueue/
?Action=AddPermission
&Label=testLabel
&AWSAccountId.1=125074342641
&ActionName.1=SendMessage
&AWSAccountId.2=125074342642
&ActionName.2=ReceiveMessage
&Version=2009-02-01
&SignatureMethod=HmacSHA256
&Expires=2009-04-18T22%3A52%3A43PST
&AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE
&SignatureVersion=2
&Signature=Dqlp3Sd6ljTUA9Uf6SGtEExwUQEXAMPLE

Sample Response

<AddPermissionResponse>
    <ResponseMetadata>
        <RequestId>
            9a285199-c8d6-47c2-bdb2-314cb47d599d
        </RequestId>
    </ResponseMetadata>
</AddPermissionResponse>

Related Actions

Document Conventions
Terms of Use		Did this page help you?  Yes  No   Tell us about it...