SQS provides an access control mechanism that allows you to specify who can access your queues and what actions they can perform. Access control settings are specified as a set of rules, and each rule associates a specific permission with a grantee who receives that permission. For any action to be permitted in SQS, the user performing the action must have been granted the permission to perform that action with an explicit rule.
Access control settings can be applied only at the queue level and not to individual messages, so if you make a queue accessible to others, make sure you do not send any private messages to that queue.
There is only one kind of grantee who can be assigned access permissions with queue access controls: individual SQS users. SQS users are identified by their AWS canonical identifier, a long, hex-encoded value that uniquely identifies an individual AWS user account. Because this user ID value is difficult for humans to work with, SQS allows us to identify users with their Amazon email address when adding new rules.
SQS access control rules apply one of three permission settings:
The grantee is allowed to receive, peek at, and delete messages in the queue.
The grantee is allowed to send messages to the queue.
The grantee is allowed to perform any action on the queue or on messages in the queue. In addition to being able to send, receive, and delete messages, a user with full permissions ...