:doc:`SQS <../../sqs>` / Client / add_permission

**************
add_permission
**************



.. py:method:: SQS.Client.add_permission(**kwargs)

  

  Adds a permission to a queue for a specific `principal <https://docs.aws.amazon.com/general/latest/gr/glos-chap.html#P>`__. This allows sharing access to the queue.

   

  When you create a queue, you have full control access rights for the queue. Only you, the owner of the queue, can grant or deny permissions to the queue. For more information about these permissions, see `Allow Developers to Write Messages to a Shared Queue <https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-writing-an-sqs-policy.html#write-messages-to-shared-queue>`__ in the *Amazon SQS Developer Guide*.

   

  .. note::

    

    
    * ``AddPermission`` generates a policy for you. You can use ``SetQueueAttributes`` to upload your policy. For more information, see `Using Custom Policies with the Amazon SQS Access Policy Language <https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-creating-custom-policies.html>`__ in the *Amazon SQS Developer Guide*.
     
    * An Amazon SQS policy can have a maximum of seven actions per statement.
     
    * To remove the ability to change queue permissions, you must deny permission to the ``AddPermission``, ``RemovePermission``, and ``SetQueueAttributes`` actions in your IAM policy.
     
    * Amazon SQS ``AddPermission`` does not support adding a non-account principal.
    

    

   

  .. note::

    

    Cross-account permissions don't apply to this action. For more information, see `Grant cross-account permissions to a role and a username <https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-customer-managed-policy-examples.html#grant-cross-account-permissions-to-role-and-user-name>`__ in the *Amazon SQS Developer Guide*.

    

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/sqs-2012-11-05/AddPermission>`_  


  **Request Syntax**
  ::

    response = client.add_permission(
        QueueUrl='string',
        Label='string',
        AWSAccountIds=[
            'string',
        ],
        Actions=[
            'string',
        ]
    )
    
  :type QueueUrl: string
  :param QueueUrl: **[REQUIRED]** 

    The URL of the Amazon SQS queue to which permissions are added.

     

    Queue URLs and names are case-sensitive.

    

  
  :type Label: string
  :param Label: **[REQUIRED]** 

    The unique identification of the permission you're setting (for example, ``AliceSendMessage``). Maximum 80 characters. Allowed characters include alphanumeric characters, hyphens ( ``-``), and underscores ( ``_``).

    

  
  :type AWSAccountIds: list
  :param AWSAccountIds: **[REQUIRED]** 

    The Amazon Web Services account numbers of the `principals <https://docs.aws.amazon.com/general/latest/gr/glos-chap.html#P>`__ who are to receive permission. For information about locating the Amazon Web Services account identification, see `Your Amazon Web Services Identifiers <https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-making-api-requests.html#sqs-api-request-authentication>`__ in the *Amazon SQS Developer Guide*.

    

  
    - *(string) --* 

    

  :type Actions: list
  :param Actions: **[REQUIRED]** 

    The action the client wants to allow for the specified principal. Valid values: the name of any action or ``*``.

     

    For more information about these actions, see `Overview of Managing Access Permissions to Your Amazon Simple Queue Service Resource <https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-overview-of-managing-access.html>`__ in the *Amazon SQS Developer Guide*.

     

    Specifying ``SendMessage``, ``DeleteMessage``, or ``ChangeMessageVisibility`` for ``ActionName.n`` also grants permissions for the corresponding batch versions of those actions: ``SendMessageBatch``, ``DeleteMessageBatch``, and ``ChangeMessageVisibilityBatch``.

    

  
    - *(string) --* 

    

  
  :returns: None
  **Exceptions**
  
  *   :py:class:`SQS.Client.exceptions.OverLimit`

  
  *   :py:class:`SQS.Client.exceptions.RequestThrottled`

  
  *   :py:class:`SQS.Client.exceptions.QueueDoesNotExist`

  
  *   :py:class:`SQS.Client.exceptions.InvalidAddress`

  
  *   :py:class:`SQS.Client.exceptions.InvalidSecurity`

  
  *   :py:class:`SQS.Client.exceptions.UnsupportedOperation`

  