
aws-cdk-lib


Version 2 of the AWS Cloud Development Kit library

{ "resources": { "Queue": { "hasResourcePolicy": true, "grants": { "consumeMessages": { "actions": [ "sqs:ReceiveMessage", "sqs:ChangeMessageVisibility", "sqs:GetQueueUrl", "sqs:DeleteMessage", "sqs:GetQueueAttributes" ], "keyActions": [ "kms:Decrypt" ], "docSummary": "Grant permissions to consume messages from a queue\n\nThis will grant the following permissions:\n\n - sqs:ChangeMessageVisibility\n - sqs:DeleteMessage\n - sqs:ReceiveMessage\n - sqs:GetQueueAttributes\n - sqs:GetQueueUrl\n\nIf encryption is used, permission to use the key to decrypt the contents of the queue will also be granted to the same principal.\n\nThis will grant the following KMS permissions:\n\n - kms:Decrypt" }, "sendMessages": { "actions": [ "sqs:SendMessage", "sqs:GetQueueAttributes", "sqs:GetQueueUrl" ], "keyActions": [ "kms:Decrypt", "kms:Encrypt", "kms:ReEncrypt*", "kms:GenerateDataKey*" ], "docSummary": "Grant access to send messages to a queue to the given identity.\n\nThis will grant the following permissions:\n\n - sqs:SendMessage\n - sqs:GetQueueAttributes\n - sqs:GetQueueUrl\n\nIf encryption is used, permission to use the key to encrypt/decrypt the contents of the queue will also be granted to the same principal.\n\nThis will grant the following KMS permissions:\n\n - kms:Decrypt\n - kms:Encrypt\n - kms:ReEncrypt*\n - kms:GenerateDataKey*" }, "purge": { "actions": [ "sqs:PurgeQueue", "sqs:GetQueueAttributes", "sqs:GetQueueUrl" ] } } } } }