Docs Home
AWS v7.5.0 published on Wednesday, Aug 20, 2025 by Pulumi
aws.sqs.QueuePolicy
Explore with Pulumi AI
Allows you to set a policy of an SQS Queue while referencing the ARN of the queue within the policy.
!> AWS will hang indefinitely when creating or updating an aws.sqs.Queue with an associated policy if Version = "2012-10-17" is not explicitly set in the policy. See below for an example of how to avoid this issue.
Example Usage
Basic Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const q = new aws.sqs.Queue("q", {name: "examplequeue"});
const test = q.arn.apply(arn => aws.iam.getPolicyDocumentOutput({
statements: [{
sid: "First",
effect: "Allow",
principals: [{
type: "*",
identifiers: ["*"],
}],
actions: ["sqs:SendMessage"],
resources: [arn],
conditions: [{
test: "ArnEquals",
variable: "aws:SourceArn",
values: [example.arn],
}],
}],
}));
const testQueuePolicy = new aws.sqs.QueuePolicy("test", {
queueUrl: q.id,
policy: test.apply(test => test.json),
});
import pulumi
import pulumi_aws as aws
q = aws.sqs.Queue("q", name="examplequeue")
test = q.arn.apply(lambda arn: aws.iam.get_policy_document_output(statements=[{
"sid": "First",
"effect": "Allow",
"principals": [{
"type": "*",
"identifiers": ["*"],
}],
"actions": ["sqs:SendMessage"],
"resources": [arn],
"conditions": [{
"test": "ArnEquals",
"variable": "aws:SourceArn",
"values": [example["arn"]],
}],
}]))
test_queue_policy = aws.sqs.QueuePolicy("test",
queue_url=q.id,
policy=test.json)
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/iam"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/sqs"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
q, err := sqs.NewQueue(ctx, "q", &sqs.QueueArgs{
Name: pulumi.String("examplequeue"),
})
if err != nil {
return err
}
test := q.Arn.ApplyT(func(arn string) (iam.GetPolicyDocumentResult, error) {
return iam.GetPolicyDocumentResult(interface{}(iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{
Statements: []iam.GetPolicyDocumentStatement{
{
Sid: "First",
Effect: "Allow",
Principals: []iam.GetPolicyDocumentStatementPrincipal{
{
Type: "*",
Identifiers: []string{
"*",
},
},
},
Actions: []string{
"sqs:SendMessage",
},
Resources: []string{
arn,
},
Conditions: []iam.GetPolicyDocumentStatementCondition{
{
Test: "ArnEquals",
Variable: "aws:SourceArn",
Values: interface{}{
example.Arn,
},
},
},
},
},
}, nil))), nil
}).(iam.GetPolicyDocumentResultOutput)
_, err = sqs.NewQueuePolicy(ctx, "test", &sqs.QueuePolicyArgs{
QueueUrl: q.ID(),
Policy: pulumi.String(test.ApplyT(func(test iam.GetPolicyDocumentResult) (*string, error) {
return &test.Json, nil
}).(pulumi.StringPtrOutput)),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var q = new Aws.Sqs.Queue("q", new()
{
Name = "examplequeue",
});
var test = Aws.Iam.GetPolicyDocument.Invoke(new()
{
Statements = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
{
Sid = "First",
Effect = "Allow",
Principals = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
{
Type = "*",
Identifiers = new[]
{
"*",
},
},
},
Actions = new[]
{
"sqs:SendMessage",
},
Resources = new[]
{
q.Arn,
},
Conditions = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionInputArgs
{
Test = "ArnEquals",
Variable = "aws:SourceArn",
Values = new[]
{
example.Arn,
},
},
},
},
},
});
var testQueuePolicy = new Aws.Sqs.QueuePolicy("test", new()
{
QueueUrl = q.Id,
Policy = test.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.sqs.Queue;
import com.pulumi.aws.sqs.QueueArgs;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.sqs.QueuePolicy;
import com.pulumi.aws.sqs.QueuePolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var q = new Queue("q", QueueArgs.builder()
.name("examplequeue")
.build());
final var test = q.arn().applyValue(_arn -> IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
.statements(GetPolicyDocumentStatementArgs.builder()
.sid("First")
.effect("Allow")
.principals(GetPolicyDocumentStatementPrincipalArgs.builder()
.type("*")
.identifiers("*")
.build())
.actions("sqs:SendMessage")
.resources(_arn)
.conditions(GetPolicyDocumentStatementConditionArgs.builder()
.test("ArnEquals")
.variable("aws:SourceArn")
.values(example.arn())
.build())
.build())
.build()));
var testQueuePolicy = new QueuePolicy("testQueuePolicy", QueuePolicyArgs.builder()
.queueUrl(q.id())
.policy(test.applyValue(_test -> _test.json()))
.build());
}
}
resources:
q:
type: aws:sqs:Queue
properties:
name: examplequeue
testQueuePolicy:
type: aws:sqs:QueuePolicy
name: test
properties:
queueUrl: ${q.id}
policy: ${test.json}
variables:
test:
fn::invoke:
function: aws:iam:getPolicyDocument
arguments:
statements:
- sid: First
effect: Allow
principals:
- type: '*'
identifiers:
- '*'
actions:
- sqs:SendMessage
resources:
- ${q.arn}
conditions:
- test: ArnEquals
variable: aws:SourceArn
values:
- ${example.arn}
Timeout Problems Creating/Updating
If Version = "2012-10-17" is not explicitly set in the policy, AWS may hang, causing the AWS provider to time out. To avoid this, make sure to include Version as shown in the example below.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.s3.Bucket("example", {bucket: "brodobaggins"});
const exampleQueue = new aws.sqs.Queue("example", {name: "be-giant"});
const exampleQueuePolicy = new aws.sqs.QueuePolicy("example", {
queueUrl: exampleQueue.id,
policy: pulumi.jsonStringify({
Version: "2012-10-17",
Statement: [{
Sid: "Cejuwdam",
Effect: "Allow",
Principal: {
Service: "s3.amazonaws.com",
},
Action: "SQS:SendMessage",
Resource: exampleQueue.arn,
Condition: {
ArnLike: {
"aws:SourceArn": example.arn,
},
},
}],
}),
});
import pulumi
import json
import pulumi_aws as aws
example = aws.s3.Bucket("example", bucket="brodobaggins")
example_queue = aws.sqs.Queue("example", name="be-giant")
example_queue_policy = aws.sqs.QueuePolicy("example",
queue_url=example_queue.id,
policy=pulumi.Output.json_dumps({
"Version": "2012-10-17",
"Statement": [{
"Sid": "Cejuwdam",
"Effect": "Allow",
"Principal": {
"Service": "s3.amazonaws.com",
},
"Action": "SQS:SendMessage",
"Resource": example_queue.arn,
"Condition": {
"ArnLike": {
"aws:SourceArn": example.arn,
},
},
}],
}))
package main
import (
"encoding/json"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/s3"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/sqs"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := s3.NewBucket(ctx, "example", &s3.BucketArgs{
Bucket: pulumi.String("brodobaggins"),
})
if err != nil {
return err
}
exampleQueue, err := sqs.NewQueue(ctx, "example", &sqs.QueueArgs{
Name: pulumi.String("be-giant"),
})
if err != nil {
return err
}
_, err = sqs.NewQueuePolicy(ctx, "example", &sqs.QueuePolicyArgs{
QueueUrl: exampleQueue.ID(),
Policy: pulumi.All(exampleQueue.Arn, example.Arn).ApplyT(func(_args []interface{}) (string, error) {
exampleQueueArn := _args[0].(string)
exampleArn := _args[1].(string)
var _zero string
tmpJSON0, err := json.Marshal(map[string]interface{}{
"Version": "2012-10-17",
"Statement": []map[string]interface{}{
map[string]interface{}{
"Sid": "Cejuwdam",
"Effect": "Allow",
"Principal": map[string]interface{}{
"Service": "s3.amazonaws.com",
},
"Action": "SQS:SendMessage",
"Resource": exampleQueueArn,
"Condition": map[string]interface{}{
"ArnLike": map[string]interface{}{
"aws:SourceArn": exampleArn,
},
},
},
},
})
if err != nil {
return _zero, err
}
json0 := string(tmpJSON0)
return json0, nil
}).(pulumi.StringOutput),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.S3.Bucket("example", new()
{
BucketName = "brodobaggins",
});
var exampleQueue = new Aws.Sqs.Queue("example", new()
{
Name = "be-giant",
});
var exampleQueuePolicy = new Aws.Sqs.QueuePolicy("example", new()
{
QueueUrl = exampleQueue.Id,
Policy = Output.JsonSerialize(Output.Create(new Dictionary<string, object?>
{
["Version"] = "2012-10-17",
["Statement"] = new[]
{
new Dictionary<string, object?>
{
["Sid"] = "Cejuwdam",
["Effect"] = "Allow",
["Principal"] = new Dictionary<string, object?>
{
["Service"] = "s3.amazonaws.com",
},
["Action"] = "SQS:SendMessage",
["Resource"] = exampleQueue.Arn,
["Condition"] = new Dictionary<string, object?>
{
["ArnLike"] = new Dictionary<string, object?>
{
["aws:SourceArn"] = example.Arn,
},
},
},
},
})),
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3.Bucket;
import com.pulumi.aws.s3.BucketArgs;
import com.pulumi.aws.sqs.Queue;
import com.pulumi.aws.sqs.QueueArgs;
import com.pulumi.aws.sqs.QueuePolicy;
import com.pulumi.aws.sqs.QueuePolicyArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Bucket("example", BucketArgs.builder()
.bucket("brodobaggins")
.build());
var exampleQueue = new Queue("exampleQueue", QueueArgs.builder()
.name("be-giant")
.build());
var exampleQueuePolicy = new QueuePolicy("exampleQueuePolicy", QueuePolicyArgs.builder()
.queueUrl(exampleQueue.id())
.policy(Output.tuple(exampleQueue.arn(), example.arn()).applyValue(values -> {
var exampleQueueArn = values.t1;
var exampleArn = values.t2;
return serializeJson(
jsonObject(
jsonProperty("Version", "2012-10-17"),
jsonProperty("Statement", jsonArray(jsonObject(
jsonProperty("Sid", "Cejuwdam"),
jsonProperty("Effect", "Allow"),
jsonProperty("Principal", jsonObject(
jsonProperty("Service", "s3.amazonaws.com")
)),
jsonProperty("Action", "SQS:SendMessage"),
jsonProperty("Resource", exampleQueueArn),
jsonProperty("Condition", jsonObject(
jsonProperty("ArnLike", jsonObject(
jsonProperty("aws:SourceArn", exampleArn)
))
))
)))
));
}))
.build());
}
}
resources:
example:
type: aws:s3:Bucket
properties:
bucket: brodobaggins
exampleQueue:
type: aws:sqs:Queue
name: example
properties:
name: be-giant
exampleQueuePolicy:
type: aws:sqs:QueuePolicy
name: example
properties:
queueUrl: ${exampleQueue.id}
policy:
fn::toJSON:
Version: 2012-10-17
Statement:
- Sid: Cejuwdam
Effect: Allow
Principal:
Service: s3.amazonaws.com
Action: SQS:SendMessage
Resource: ${exampleQueue.arn}
Condition:
ArnLike:
aws:SourceArn: ${example.arn}
Create QueuePolicy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new QueuePolicy(name: string, args: QueuePolicyArgs, opts?: CustomResourceOptions);@overload
def QueuePolicy(resource_name: str,
args: QueuePolicyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def QueuePolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
policy: Optional[Union[str, PolicyDocumentArgs]] = None,
queue_url: Optional[str] = None,
region: Optional[str] = None)func NewQueuePolicy(ctx *Context, name string, args QueuePolicyArgs, opts ...ResourceOption) (*QueuePolicy, error)public QueuePolicy(string name, QueuePolicyArgs args, CustomResourceOptions? opts = null)
public QueuePolicy(String name, QueuePolicyArgs args)
public QueuePolicy(String name, QueuePolicyArgs args, CustomResourceOptions options)
type: aws:sqs:QueuePolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args QueuePolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args QueuePolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args QueuePolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args QueuePolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args QueuePolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var queuePolicyResource = new Aws.Sqs.QueuePolicy("queuePolicyResource", new()
{
Policy = "string",
QueueUrl = "string",
Region = "string",
});
example, err := sqs.NewQueuePolicy(ctx, "queuePolicyResource", &sqs.QueuePolicyArgs{
Policy: pulumi.Any("string"),
QueueUrl: pulumi.String("string"),
Region: pulumi.String("string"),
})
var queuePolicyResource = new QueuePolicy("queuePolicyResource", QueuePolicyArgs.builder()
.policy("string")
.queueUrl("string")
.region("string")
.build());
queue_policy_resource = aws.sqs.QueuePolicy("queuePolicyResource",
policy="string",
queue_url="string",
region="string")
const queuePolicyResource = new aws.sqs.QueuePolicy("queuePolicyResource", {
policy: "string",
queueUrl: "string",
region: "string",
});
type: aws:sqs:QueuePolicy
properties:
policy: string
queueUrl: string
region: string
QueuePolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The QueuePolicy resource accepts the following input properties:
- Policy
string | Policy
Document - Queue
Url string - URL of the SQS Queue to which to attach the policy.
- Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Policy
string | Policy
Document Args - Queue
Url string - URL of the SQS Queue to which to attach the policy.
- Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- policy
String | Policy
Document - queue
Url String - URL of the SQS Queue to which to attach the policy.
- region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- policy
string | Policy
Document - queue
Url string - URL of the SQS Queue to which to attach the policy.
- region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- policy
str | Policy
Document Args - queue_
url str - URL of the SQS Queue to which to attach the policy.
- region str
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- policy String | Property Map
- queue
Url String - URL of the SQS Queue to which to attach the policy.
- region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
Outputs
All input properties are implicitly available as output properties. Additionally, the QueuePolicy resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing QueuePolicy Resource
Get an existing QueuePolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: QueuePolicyState, opts?: CustomResourceOptions): QueuePolicy@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
policy: Optional[Union[str, PolicyDocumentArgs]] = None,
queue_url: Optional[str] = None,
region: Optional[str] = None) -> QueuePolicyfunc GetQueuePolicy(ctx *Context, name string, id IDInput, state *QueuePolicyState, opts ...ResourceOption) (*QueuePolicy, error)public static QueuePolicy Get(string name, Input<string> id, QueuePolicyState? state, CustomResourceOptions? opts = null)public static QueuePolicy get(String name, Output<String> id, QueuePolicyState state, CustomResourceOptions options)resources: _: type: aws:sqs:QueuePolicy get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Policy
string | Policy
Document - Queue
Url string - URL of the SQS Queue to which to attach the policy.
- Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- Policy
string | Policy
Document Args - Queue
Url string - URL of the SQS Queue to which to attach the policy.
- Region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- policy
String | Policy
Document - queue
Url String - URL of the SQS Queue to which to attach the policy.
- region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- policy
string | Policy
Document - queue
Url string - URL of the SQS Queue to which to attach the policy.
- region string
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- policy
str | Policy
Document Args - queue_
url str - URL of the SQS Queue to which to attach the policy.
- region str
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
- policy String | Property Map
- queue
Url String - URL of the SQS Queue to which to attach the policy.
- region String
- Region where this resource will be managed. Defaults to the Region set in the provider configuration.
Supporting Types
AWSPrincipal, AWSPrincipalArgs
- AWS string | List<string>
- AWS account identifier or ARN.
- AWS string | []string
- AWS account identifier or ARN.
- AWS String | List<String>
- AWS account identifier or ARN.
- AWS string | string[]
- AWS account identifier or ARN.
- aws str | Sequence[str]
- AWS account identifier or ARN.
- AWS String | List<String>
- AWS account identifier or ARN.
FederatedPrincipal, FederatedPrincipalArgs
- Federated string | List<string>
- The federated principal identifier.
- Federated string | []string
- The federated principal identifier.
- Federated String | List<String>
- The federated principal identifier.
- Federated string | string[]
- The federated principal identifier.
- federated str | Sequence[str]
- The federated principal identifier.
- Federated String | List<String>
- The federated principal identifier.
PolicyDocument, PolicyDocumentArgs
PolicyDocumentVersion, PolicyDocumentVersionArgs
- Policy
Document Version_2012_10_17 - 2012-10-17
- Policy
Document Version_2008_10_17 - 2008-10-17
- Policy
Document Version_2012_10_17 - 2012-10-17
- Policy
Document Version_2008_10_17 - 2008-10-17
- _20121017
- 2012-10-17
- _20081017
- 2008-10-17
- Policy
Document Version_2012_10_17 - 2012-10-17
- Policy
Document Version_2008_10_17 - 2008-10-17
- POLICY_DOCUMENT_VERSION_2012_10_17
- 2012-10-17
- POLICY_DOCUMENT_VERSION_2008_10_17
- 2008-10-17
- "2012-10-17"
- 2012-10-17
- "2008-10-17"
- 2008-10-17
PolicyStatement, PolicyStatementArgs
- Effect
Pulumi.
Aws. Iam. Policy Statement Effect - Indicate whether the policy allows or denies access.
- Action string | List<string>
- Include a list of actions that the policy allows or denies. Required (either Action or NotAction)
- Condition Dictionary<string, object>
- Specify the circumstances under which the policy grants permission.
- Not
Action string | List<string> - Include a list of actions that are not covered by this policy. Required (either Action or NotAction)
- Not
Principal string | Pulumi.Aws. | Pulumi.Iam. Inputs. AWSPrincipal Aws. | Pulumi.Iam. Inputs. Service Principal Aws. Iam. Inputs. Federated Principal - Indicate the account, user, role, or federated user to which this policy does not apply.
- Not
Resource string | List<string> - A list of resources that are specifically excluded by this policy.
- Principal
string | Pulumi.
Aws. | Pulumi.Iam. Inputs. AWSPrincipal Aws. | Pulumi.Iam. Inputs. Service Principal Aws. Iam. Inputs. Federated Principal - Indicate the account, user, role, or federated user to which you would like to allow or deny access. If you are creating a policy to attach to a user or role, you cannot include this element. The principal is implied as that user or role.
- Resource string | List<string>
- A list of resources to which the actions apply.
- Sid string
- An optional statement ID to differentiate between your statements.
- Effect
Policy
Statement Effect - Indicate whether the policy allows or denies access.
- Action string | []string
- Include a list of actions that the policy allows or denies. Required (either Action or NotAction)
- Condition map[string]interface{}
- Specify the circumstances under which the policy grants permission.
- Not
Action string | []string - Include a list of actions that are not covered by this policy. Required (either Action or NotAction)
- Not
Principal string | AWSPrincipal | ServicePrincipal | FederatedPrincipal - Indicate the account, user, role, or federated user to which this policy does not apply.
- Not
Resource string | []string - A list of resources that are specifically excluded by this policy.
- Principal
string | AWSPrincipal | Service
Principal | FederatedPrincipal - Indicate the account, user, role, or federated user to which you would like to allow or deny access. If you are creating a policy to attach to a user or role, you cannot include this element. The principal is implied as that user or role.
- Resource string | []string
- A list of resources to which the actions apply.
- Sid string
- An optional statement ID to differentiate between your statements.
- Effect
Policy
Statement Effect - Indicate whether the policy allows or denies access.
- Action String | List<String>
- Include a list of actions that the policy allows or denies. Required (either Action or NotAction)
- Condition Map<String,Object>
- Specify the circumstances under which the policy grants permission.
- Not
Action String | List<String> - Include a list of actions that are not covered by this policy. Required (either Action or NotAction)
- Not
Principal String | AWSPrincipal | ServicePrincipal | FederatedPrincipal - Indicate the account, user, role, or federated user to which this policy does not apply.
- Not
Resource String | List<String> - A list of resources that are specifically excluded by this policy.
- Principal
String | AWSPrincipal | Service
Principal | FederatedPrincipal - Indicate the account, user, role, or federated user to which you would like to allow or deny access. If you are creating a policy to attach to a user or role, you cannot include this element. The principal is implied as that user or role.
- Resource String | List<String>
- A list of resources to which the actions apply.
- Sid String
- An optional statement ID to differentiate between your statements.
- Effect
iam.
Policy Statement Effect - Indicate whether the policy allows or denies access.
- Action string | string[]
- Include a list of actions that the policy allows or denies. Required (either Action or NotAction)
- Condition {[key: string]: any}
- Specify the circumstances under which the policy grants permission.
- Not
Action string | string[] - Include a list of actions that are not covered by this policy. Required (either Action or NotAction)
- Not
Principal string | iam.AWSPrincipal | iam.Service | iam.Principal Federated Principal - Indicate the account, user, role, or federated user to which this policy does not apply.
- Not
Resource string | string[] - A list of resources that are specifically excluded by this policy.
- Principal
string | iam.
AWSPrincipal | iam.Service | iam.Principal Federated Principal - Indicate the account, user, role, or federated user to which you would like to allow or deny access. If you are creating a policy to attach to a user or role, you cannot include this element. The principal is implied as that user or role.
- Resource string | string[]
- A list of resources to which the actions apply.
- Sid string
- An optional statement ID to differentiate between your statements.
- effect
iam.
Policy Statement Effect - Indicate whether the policy allows or denies access.
- action str | Sequence[str]
- Include a list of actions that the policy allows or denies. Required (either Action or NotAction)
- condition Mapping[str, Any]
- Specify the circumstances under which the policy grants permission.
- not_
action str | Sequence[str] - Include a list of actions that are not covered by this policy. Required (either Action or NotAction)
- not_
principal str | iam.AWSPrincipal | iam.Service | iam.Principal Federated Principal - Indicate the account, user, role, or federated user to which this policy does not apply.
- not_
resource str | Sequence[str] - A list of resources that are specifically excluded by this policy.
- principal
str | iam.
AWSPrincipal | iam.Service | iam.Principal Federated Principal - Indicate the account, user, role, or federated user to which you would like to allow or deny access. If you are creating a policy to attach to a user or role, you cannot include this element. The principal is implied as that user or role.
- resource str | Sequence[str]
- A list of resources to which the actions apply.
- sid str
- An optional statement ID to differentiate between your statements.
- Effect "Allow" | "Deny"
- Indicate whether the policy allows or denies access.
- Action String | List<String>
- Include a list of actions that the policy allows or denies. Required (either Action or NotAction)
- Condition Map<Any>
- Specify the circumstances under which the policy grants permission.
- Not
Action String | List<String> - Include a list of actions that are not covered by this policy. Required (either Action or NotAction)
- Not
Principal String | Property Map | Property Map | Property Map - Indicate the account, user, role, or federated user to which this policy does not apply.
- Not
Resource String | List<String> - A list of resources that are specifically excluded by this policy.
- Principal String | Property Map | Property Map | Property Map
- Indicate the account, user, role, or federated user to which you would like to allow or deny access. If you are creating a policy to attach to a user or role, you cannot include this element. The principal is implied as that user or role.
- Resource String | List<String>
- A list of resources to which the actions apply.
- Sid String
- An optional statement ID to differentiate between your statements.
PolicyStatementEffect, PolicyStatementEffectArgs
- ALLOW
- Allow
- DENY
- Deny
- Policy
Statement Effect ALLOW - Allow
- Policy
Statement Effect DENY - Deny
- ALLOW
- Allow
- DENY
- Deny
- ALLOW
- Allow
- DENY
- Deny
- ALLOW
- Allow
- DENY
- Deny
- "Allow"
- Allow
- "Deny"
- Deny
ServicePrincipal, ServicePrincipalArgs
- Service string | List<string>
- The service principal identifier.
- Service string | []string
- The service principal identifier.
- Service String | List<String>
- The service principal identifier.
- Service string | string[]
- The service principal identifier.
- service str | Sequence[str]
- The service principal identifier.
- Service String | List<String>
- The service principal identifier.
Import
Using pulumi import, import SQS Queue Policies using the queue URL. For example:
$ pulumi import aws:sqs/queuePolicy:QueuePolicy test https://queue.amazonaws.com/123456789012/myqueue
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
awsTerraform Provider.