Posted On: Nov 17, 2022

Today, Amazon Simple Queue Service (SQS) announces support for attribute-based access control (ABAC) using queue tags, enabling customers to bolster their overall security postures with a flexible and scalable access control solution. Amazon SQS is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications. Amazon SQS significantly reduces the complexity and overhead associated with managing and operating message-oriented middleware, and empowers developers to focus on differentiating work.

ABAC is an authorization strategy that defines permissions based on tags attached to users and AWS resources. Today, you can already assign metadata to your SQS resources as tags. Each tag is a simple label comprising a customer-defined key and an optional value that can make it easier to manage, search for, and filter resources. With this release, you can now use your tags to configure access permissions and policies. ABAC leverages multiple dimensions of attributes on your SQS resources to determine access permissions. With the flexibility of using multiple custom resource tags in your security policies, you can now easily set more granular access permissions based on resource attributes reflecting your organizational structures. This enhancement also allows you to easily scale your tag-based permissions to new employees and changing resource structures, without rewriting the permissions policy as organizations grow.

Getting started with ABAC for SQS is easy. SQS supports using tags while creating queues. You can simply add tags while creating your SQS resources and then create an IAM policy that allows or denies access to SQS resources based on your tags. You can use the AWS API, the AWS CLI, or the AWS Management Console to tag your resources.
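As an added illustration (not part of the original announcement), an identity-based IAM policy of the kind described above could grant message operations only on queues whose tag matches a tag on the calling principal. The tag key `team` and the statement ID are assumptions chosen for this example; `aws:ResourceTag` and `aws:PrincipalTag` are the standard IAM global condition keys.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ExampleOwnTeamQueueAccess",
      "Effect": "Allow",
      "Action": [
        "sqs:SendMessage",
        "sqs:ReceiveMessage",
        "sqs:DeleteMessage",
        "sqs:GetQueueAttributes"
      ],
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "aws:ResourceTag/team": "${aws:PrincipalTag/team}"
        }
      }
    }
  ]
}
```

Because the tag value now decides access, permission to call `sqs:TagQueue` and `sqs:UntagQueue` should be granted as narrowly as the message permissions themselves.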

Attribute-based access control (ABAC) for SQS is available in all AWS Commercial Regions where Amazon SQS is available.

For more information on getting started with ABAC in SQS, see SQS documentation.

To learn more about tagging in AWS, see AWS Tagging Strategies and Using Cost Allocation Tags.