Amazon SQS - Add permission

Declaration

<AMAWSSQS ACTIVITY="add_permission" ACCESSKEY="text" 
SECRETKEY="text (encrypted)" USERAGENT="text" 
MAXERRORRETRY="number" SERVICEURL="text" PROXYHOST="text" 
PROXYPORT="number" PROXYUSER="text" PROXYPWD="text (encrypted)" 
SIGNMETHOD="text" SIGNVERSION="number" 
QUEUEURL="text" LABEL="text" ACTION="text (options)" AWSACCOUNT="text" />

Description: Adds a permission to a queue for a specific principal. This allows for sharing access to the queue. This activity writes an SQS-generated policy. If you want to write your own policy, use the Set Queue Attributes activity to upload your policy.

IMPORTANT: SQS activities use Amazon's SQS engine to perform their work, therefore, launching and operating Amazon SQS requires a valid Access Key ID and Secret Access Key.

Practical Usage

Allows for sharing access to the queue. When you create a queue, you have full control access rights for the queue. Only you (as owner of the queue) can grant or deny permissions to the queue.

Connection Parameters

Property	Type	Required	Default	Markup	Description
Connection					Indicates where AWS user credentials and preferences should originate from. This is a design mode parameter used only during task construction and configuration, thus, comprises no markup. The available options are: Host (default) - Specifies that user credentials and/or advanced preferences are configured individually for this activity. This option is normally chosen if only a single activity is required to complete an operation. Session - Specifies that user credentials and/or advanced preferences are obtained from a pre-configured session created in an earlier step with the use of the SQS - Create session activity. This option is normally chosen if a combination of related activities are required to complete an operation. Linking several activities to a single session eliminates redundancy. Additionally, a single task supports construction and simultaneous execution of multiple sessions, improving efficiency.
Session	Text	Yes if connection is session-based	SQSSession1	SESSION="SQSession1"	The name of an existing session to attach this activity to. This parameter is active only if the Connection parameter is set to Session. The default session name is 'SQSSession1'.
Access key	Text	Yes if connection is host-based	(Empty)	ACCESSKEY= "022QF06E7MXBSH9DHM02"	A 20-character alphanumeric string that uniquely identifies the owner of the AWS service account, similar to a username. This key along with a corresponding secret access key forms a secure information set that AWS uses to confirm a valid user's identity. This parameter is active only if the Connection parameter is set to Host.
Secret Access key	Text	Yes if connection is host-based	(Empty)	SECRETKEY= "kWcrlUX5JEDGM/LtmEENI/ aVmYvHNif5zB+d9+ct"	A 40-character string that serves the role as password to access the AWS service account. This along with an associated access key forms a secure information set that SQS uses to confirm a valid user's identity. This parameter is active only if the Connection parameter is set to Host.
User agent	Text	No	AutoMate	USERAGENT="AutoMate"	The name of the client or application initiating requests to AWS, which in this case, is AutoMate. This parameter's default value is 'AutoMate'.
Service URL	Text	No	(Empty)	SERVICEURL= "https://sqs.eu-west-1.amazonaws.com"	The URL that provides the service endpoint. To make the service call to a different region, you can pass the region-specific endpoint URL. For example, entering https://sqs.us-west-1.amazonaws.com points to US West (Northern California) region. A complete list of SQS regions, along with their associated endpoints and valid protocols can be found below under SQS Endpoints and Regions.
Maximum retry on error	Number	No	(Empty)	MAXERRORRETRY="4"	The total amount of times this activity should retry its request to the server before returning an error. Network components can generate errors anytime in the life of a request, thus, implementing retries can increase reliability.
Proxy host	Text	No	(Empty)	PROXYHOST="proxy.host.com"	The host name (e.g., server.domain.com) or IP address (e.g., xxx.xxx.xxx.xxx) of the proxy server to use when connecting to AWS.
Proxy port	Number	No	(Empty)	PROXYPORT="1028"	The port that should be used to connect to the proxy server.
Proxy username	Text	No	(Empty)	PROXYUSER="username"	The username that should be used to authenticate connection with the proxy server (if required).
Proxy password	Text	No	(Empty)	PROXYPWD="encrypted"	The password that should be used to authenticate connection with the proxy server (if required).
Signature method	Text	No	(Empty)	SIGNMETHOD="HmacSHA256"	The signature method to use for signing the request. This provides a valid hashing algorithm for signature calculation. Acceptable AWS signature methods are HmacSHA1 and HmacSHA256.
Signature version	Number	No	(Empty)	SIGNVERSION="2"	The signature version for signing the request. Valid AWS signature versions are 2 and 4. The difference with version 4 is that it allows you to sign your message using a key that is derived from your secret access key rather than using the secret access key itself.

Queue Parameters

Property	Type	Required	Default	Markup	Description
Queue URL	Text	Yes	(Empty)	QUEUEURL= "https://queue.amazonaws.com/ 963068290131/Notification"	The URL uniquely identifying the queue used for this activity.
Label	Text	No	(Empty)	LABEL="message"	The unique identification of the permission you are setting.
Action name	Text	Yes	(Empty)	ACTION="*" ACTION="SendMessage" ACTION="ReceiveMessage" ACTION="DeleteMessage" ACTION="ChangeMessageVisibility" ACTION="GetQueueAttributes"	The action to allow for the specified principal. The available options are: * - This permission type grants the following actions to a principal on a shared queue: receive messages, send messages, delete messages, change a message's visibility, get a queue's attributes. Send Message - Grants permission to send messages to the queue. Receive Message - Grants permission to receive messages in the queue. Delete Message - Grants permission to delete messages from the queue. Change Message Visibility - Grants permission to extend or terminate the read lock timeout of a specified message. Get Queue Attributes - Grants permission to receive all of the queue attributes except the policy, which can only be accessed by the queue's owner.
AWS account ID	Number	Yes	(Empty)	AWSACCOUNT="125074342641"	The 12-digit Amazon Web Service account number of the principal who will be given permission. NOTE: The principal must have an AWS account, but does not need to be signed up for Amazon SQS.

Description tab - A custom description can be provided on the Description tab to convey additional information or share special notes about a task step.

Error Causes tab - Specify how this step should behave upon the occurrence of an error. (Refer to Task Builder > Error Causes Tab for details.)

On Error tab - Specify what AWE should do if this step encounters an error as defined on the Error Causes tab. (Refer to Task Builder > On Error Tab for details.)

SQS Endpoints and Regions

For a complete list of Amazon Service endpoints, refer to the AWS documentation at https://docs.aws.amazon.com/general/latest/gr/rande.html.

Example

The sample AML code below can be copied and pasted directly into the Steps panel of the Task Builder.

Description: Add "*" permission to queue "%test.QueueURL%". Permission label is "SendMessage". Give permission to AWS account id "125074342641". Use default SQS session.

<AMAWSSQS ACTIVITY="add_permission" QUEUEURL="%test.QueueURL%" 
LABEL="SendMessage" ACTION="*" AWSACCOUNT="125074342641" />

v10 | 202208121109

Copyright Help/Systems LLC and its group of companies.
All trademarks and registered trademarks are the property of their respective owners.