Microsoft offers data mining tools in the cloud »
« Cast Iron with Google’s SDC attempts to simplify integration with Google Apps
April 12, 2009
Amazon adds several enhancements to its Simple Queue Service (SQS)

By Anand Ganesan | Filed under: Amazon and Cloud Computing

Last week when the world was busy with the release of Java support to Google App Engine, Amazon added several enhancements to its Simple Queue Service (SQS) which are mentioned below:

1. Added ability to share queues, including support for anonymous access.

2. Added Policy as a value for the Attribute.

3. Changed the global reference in the MessageQueue service.

4. Added one new operation for messages: ChangeMessageVisibility i.e. one can change the message persistence on a queue for more than the default persistence time of twelve hours.

5. Added two new access control operations: AddPermission and RemovePermission.

6. The SQS schema is now inline in the WSDL. There is no longer a separate URL for the schema.

7. Added a new endpoint for the European community.

The enhancements on access control to queues or the concept of shared queues  is similar to the features available in Websphere MQ, i.e. a queue can be “PUT” (i.e. write), “GET” (i.e. read) enabled or both. You can also control access (through authorization) to a queue using “setmqaut” command. However, Amazon’s SQS introduces access control on a queue in two ways:

a) A Simple API for shared queues
b) An advanced API for shared queues

The simple API provides two operations for sharing a queue namely: AddPermission (allows one to access a queue) and RemovePermission. With the simple API, Amazon writes a policy based on the information provided in the AddPermission operation. This policy is limited in scope. Here’s where the advanced API for shared queues helps. With the advanced API “you write the policy yourself directly in the access policy language and upload the policy with the SetQueueAttributes operation. The advanced API allows you to deny access or to apply finer access restrictions.”

From SQS developer documentation here:

“The following example policy gives the developer with AWS account number 123456789012 the SendMessage permission for the queue named 987654321098/queue1.”

sqs-policy1

The introduction of the policy language is an important announcement and Amazon is planning to use this policy language across all its other services.