Posted On: Sep 28, 2023
Today, Amazon Simple Queue Service (SQS) announces support for Attribute-Based Access Control (ABAC) in Asia Pacific (Hyderabad), Asia Pacific (Melbourne), Europe (Spain), Europe (Zurich) and AWS GovCloud (US) Regions, enabling customers to bolster their overall security postures with a flexible and scalable access control solution. Amazon SQS is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications.
ABAC is an authorization strategy that defines permissions based on tags attached to users and AWS resources. Today, you can already assign metadata to your SQS resources as tags. Each tag is a label comprising a customer-defined key and an optional value. You can now use tags to configure access permissions and policies. With flexibility of using multiple tags in your security policies, you can now set more granular access permissions, reflecting your organizational structures. This enhancement also allows you to easily scale your tag-based permissions to new employees without rewriting the permissions policy as organizations grow.
Getting started with ABAC for SQS is easy. You can simply add tags while creating your SQS queues and then create an IAM policy that allows or denies access to SQS resources based on your tags. You can use the AWS API, the AWS CLI, or the AWS Management Console to tag your resources. See SQS documentation for more information.
ABAC for SQS is now available in all AWS Commercial Regions and the AWS GovCloud (US) Regions where Amazon SQS is available.
To learn more about tagging in AWS, see AWS Tagging Strategies and Using Cost Allocation Tags.