44 lines
1.8 KiB
JSON
44 lines
1.8 KiB
JSON
{
|
|
"resources": {
|
|
"Queue": {
|
|
"hasResourcePolicy": true,
|
|
"grants": {
|
|
"consumeMessages": {
|
|
"actions": [
|
|
"sqs:ReceiveMessage",
|
|
"sqs:ChangeMessageVisibility",
|
|
"sqs:GetQueueUrl",
|
|
"sqs:DeleteMessage",
|
|
"sqs:GetQueueAttributes"
|
|
],
|
|
"keyActions": [
|
|
"kms:Decrypt"
|
|
],
|
|
"docSummary": "Grant permissions to consume messages from a queue\n\nThis will grant the following permissions:\n\n - sqs:ChangeMessageVisibility\n - sqs:DeleteMessage\n - sqs:ReceiveMessage\n - sqs:GetQueueAttributes\n - sqs:GetQueueUrl\n\nIf encryption is used, permission to use the key to decrypt the contents of the queue will also be granted to the same principal.\n\nThis will grant the following KMS permissions:\n\n - kms:Decrypt"
|
|
},
|
|
"sendMessages": {
|
|
"actions": [
|
|
"sqs:SendMessage",
|
|
"sqs:GetQueueAttributes",
|
|
"sqs:GetQueueUrl"
|
|
],
|
|
"keyActions": [
|
|
"kms:Decrypt",
|
|
"kms:Encrypt",
|
|
"kms:ReEncrypt*",
|
|
"kms:GenerateDataKey*"
|
|
],
|
|
"docSummary": "Grant access to send messages to a queue to the given identity.\n\nThis will grant the following permissions:\n\n - sqs:SendMessage\n - sqs:GetQueueAttributes\n - sqs:GetQueueUrl\n\nIf encryption is used, permission to use the key to encrypt/decrypt the contents of the queue will also be granted to the same principal.\n\nThis will grant the following KMS permissions:\n\n - kms:Decrypt\n - kms:Encrypt\n - kms:ReEncrypt*\n - kms:GenerateDataKey*"
|
|
},
|
|
"purge": {
|
|
"actions": [
|
|
"sqs:PurgeQueue",
|
|
"sqs:GetQueueAttributes",
|
|
"sqs:GetQueueUrl"
|
|
]
|
|
|
|
}
|
|
}
|
|
}
|
|
}
|
|
} |