SQS / Client / add_permission
add_permission#
- SQS.Client.add_permission(**kwargs)#
Adds a permission to a queue for a specific principal. This allows sharing access to the queue.
When you create a queue, you have full control access rights for the queue. Only you, the owner of the queue, can grant or deny permissions to the queue. For more information about these permissions, see Allow Developers to Write Messages to a Shared Queue in the Amazon SQS Developer Guide.
Note
AddPermission
generates a policy for you. You can useSetQueueAttributes
to upload your policy. For more information, see Using Custom Policies with the Amazon SQS Access Policy Language in the Amazon SQS Developer Guide.An Amazon SQS policy can have a maximum of seven actions per statement.
To remove the ability to change queue permissions, you must deny permission to the
AddPermission
,RemovePermission
, andSetQueueAttributes
actions in your IAM policy.Amazon SQS
AddPermission
does not support adding a non-account principal.
Note
Cross-account permissions don’t apply to this action. For more information, see Grant cross-account permissions to a role and a username in the Amazon SQS Developer Guide.
See also: AWS API Documentation
Request Syntax
response = client.add_permission( QueueUrl='string', Label='string', AWSAccountIds=[ 'string', ], Actions=[ 'string', ] )
- Parameters:
QueueUrl (string) –
[REQUIRED]
The URL of the Amazon SQS queue to which permissions are added.
Queue URLs and names are case-sensitive.
Label (string) –
[REQUIRED]
The unique identification of the permission you’re setting (for example,
AliceSendMessage
). Maximum 80 characters. Allowed characters include alphanumeric characters, hyphens (-
), and underscores (_
).AWSAccountIds (list) –
[REQUIRED]
The Amazon Web Services account numbers of the principals who are to receive permission. For information about locating the Amazon Web Services account identification, see Your Amazon Web Services Identifiers in the Amazon SQS Developer Guide.
(string) –
Actions (list) –
[REQUIRED]
The action the client wants to allow for the specified principal. Valid values: the name of any action or
*
.For more information about these actions, see Overview of Managing Access Permissions to Your Amazon Simple Queue Service Resource in the Amazon SQS Developer Guide.
Specifying
SendMessage
,DeleteMessage
, orChangeMessageVisibility
forActionName.n
also grants permissions for the corresponding batch versions of those actions:SendMessageBatch
,DeleteMessageBatch
, andChangeMessageVisibilityBatch
.(string) –
- Returns:
None
Exceptions