Example 1 with Resource
use of com.amazonaws.auth.policy.Resource in project glacier-cli by carlossg.
the class Glacier method setupSQS.
// ==============
// Helper methods
// ==============
private QueueConfig setupSQS(String sqsQueueName) {
QueueConfig config = new QueueConfig();
CreateQueueRequest request = new CreateQueueRequest().withQueueName(sqsQueueName);
CreateQueueResult result = sqsClient.createQueue(request);
config.sqsQueueURL = result.getQueueUrl();
GetQueueAttributesRequest qRequest = new GetQueueAttributesRequest().withQueueUrl(config.sqsQueueURL).withAttributeNames("QueueArn");
GetQueueAttributesResult qResult = sqsClient.getQueueAttributes(qRequest);
config.sqsQueueARN = qResult.getAttributes().get("QueueArn");
Policy sqsPolicy = new Policy().withStatements(new Statement(Effect.Allow).withPrincipals(Principal.AllUsers).withActions(SQSActions.SendMessage).withResources(new Resource(config.sqsQueueARN)));
Map<String, String> queueAttributes = new HashMap<String, String>();
queueAttributes.put("Policy", sqsPolicy.toJson());
sqsClient.setQueueAttributes(new SetQueueAttributesRequest(config.sqsQueueURL, queueAttributes));
return config;
}
Also used :
Policy(com.amazonaws.auth.policy.Policy)
GetQueueAttributesResult(com.amazonaws.services.sqs.model.GetQueueAttributesResult)
GetQueueAttributesRequest(com.amazonaws.services.sqs.model.GetQueueAttributesRequest)
HashMap(java.util.HashMap)
Statement(com.amazonaws.auth.policy.Statement)
CreateQueueRequest(com.amazonaws.services.sqs.model.CreateQueueRequest)
Resource(com.amazonaws.auth.policy.Resource)
CreateQueueResult(com.amazonaws.services.sqs.model.CreateQueueResult)
SetQueueAttributesRequest(com.amazonaws.services.sqs.model.SetQueueAttributesRequest)
Example 2 with Resource
use of com.amazonaws.auth.policy.Resource in project herd by FINRAOS.
the class AwsPolicyBuilder method withKms.
/**
* Adds a permission to allow the specified actions to the given KMS key id.
*
* @param kmsKeyId Full ARN to the kms key
* @param actions List of actions
*
* @return This builder
*/
@SuppressWarnings("PMD.CloseResource")
public AwsPolicyBuilder withKms(String kmsKeyId, KmsActions... actions) {
Statement statement = new Statement(Effect.Allow);
statement.setActions(Arrays.asList(actions));
statement.setResources(Arrays.asList(new Resource(kmsKeyId)));
policy.getStatements().add(statement);
return this;
}Example 3 with Resource
use of com.amazonaws.auth.policy.Resource in project herd by FINRAOS.
the class AwsPolicyBuilder method withS3.
/**
* Adds a permission to allow the specified actions to the given bucket and s3 object key. The permission will allow the given actions only to the specified
* object key. If object key is null, the permission is applied to the bucket itself.
*
* @param bucketName S3 bucket name
* @param objectKey S3 object key
* @param actions List of actions to allow
*
* @return This builder
*/
@SuppressWarnings("PMD.CloseResource")
public AwsPolicyBuilder withS3(String bucketName, String objectKey, S3Actions... actions) {
Statement statement = new Statement(Effect.Allow);
statement.setActions(Arrays.asList(actions));
String resource = "arn:aws:s3:::" + bucketName;
if (objectKey != null) {
resource += "/" + objectKey;
}
statement.setResources(Arrays.asList(new Resource(resource)));
policy.getStatements().add(statement);
return this;
}Example 4 with Resource
use of com.amazonaws.auth.policy.Resource in project aws-doc-sdk-examples by awsdocs.
the class MakingRequestsWithFederatedTempCredentials method main.
public static void main(String[] args) throws IOException {
Regions clientRegion = Regions.DEFAULT_REGION;
String bucketName = "*** Specify bucket name ***";
String federatedUser = "*** Federated user name ***";
String resourceARN = "arn:aws:s3:::" + bucketName;
try {
AWSSecurityTokenService stsClient = AWSSecurityTokenServiceClientBuilder.standard().withCredentials(new ProfileCredentialsProvider()).withRegion(clientRegion).build();
GetFederationTokenRequest getFederationTokenRequest = new GetFederationTokenRequest();
getFederationTokenRequest.setDurationSeconds(7200);
getFederationTokenRequest.setName(federatedUser);
// Define the policy and add it to the request.
Policy policy = new Policy();
policy.withStatements(new Statement(Effect.Allow).withActions(S3Actions.ListObjects).withResources(new Resource(resourceARN)));
getFederationTokenRequest.setPolicy(policy.toJson());
// Get the temporary security credentials.
GetFederationTokenResult federationTokenResult = stsClient.getFederationToken(getFederationTokenRequest);
Credentials sessionCredentials = federationTokenResult.getCredentials();
// Package the session credentials as a BasicSessionCredentials
// object for an Amazon S3 client object to use.
BasicSessionCredentials basicSessionCredentials = new BasicSessionCredentials(sessionCredentials.getAccessKeyId(), sessionCredentials.getSecretAccessKey(), sessionCredentials.getSessionToken());
AmazonS3 s3Client = AmazonS3ClientBuilder.standard().withCredentials(new AWSStaticCredentialsProvider(basicSessionCredentials)).withRegion(clientRegion).build();
// To verify that the client works, send a listObjects request using
// the temporary security credentials.
ObjectListing objects = s3Client.listObjects(bucketName);
System.out.println("No. of Objects = " + objects.getObjectSummaries().size());
} catch (AmazonServiceException e) {
// The call was transmitted successfully, but Amazon S3 couldn't process
// it, so it returned an error response.
e.printStackTrace();
} catch (SdkClientException e) {
// Amazon S3 couldn't be contacted for a response, or the client
// couldn't parse the response from Amazon S3.
e.printStackTrace();
}
}
Also used :
Policy(com.amazonaws.auth.policy.Policy)
AmazonS3(com.amazonaws.services.s3.AmazonS3)
BasicSessionCredentials(com.amazonaws.auth.BasicSessionCredentials)
Statement(com.amazonaws.auth.policy.Statement)
GetFederationTokenRequest(com.amazonaws.services.securitytoken.model.GetFederationTokenRequest)
Resource(com.amazonaws.auth.policy.Resource)
ObjectListing(com.amazonaws.services.s3.model.ObjectListing)
Regions(com.amazonaws.regions.Regions)
AWSStaticCredentialsProvider(com.amazonaws.auth.AWSStaticCredentialsProvider)
SdkClientException(com.amazonaws.SdkClientException)
GetFederationTokenResult(com.amazonaws.services.securitytoken.model.GetFederationTokenResult)
AmazonServiceException(com.amazonaws.AmazonServiceException)
ProfileCredentialsProvider(com.amazonaws.auth.profile.ProfileCredentialsProvider)
AWSSecurityTokenService(com.amazonaws.services.securitytoken.AWSSecurityTokenService)
BasicSessionCredentials(com.amazonaws.auth.BasicSessionCredentials)
Credentials(com.amazonaws.services.securitytoken.model.Credentials)
Aggregations
Resource (com.amazonaws.auth.policy.Resource)4
Statement (com.amazonaws.auth.policy.Statement)4
Policy (com.amazonaws.auth.policy.Policy)2
AmazonServiceException (com.amazonaws.AmazonServiceException)1
SdkClientException (com.amazonaws.SdkClientException)1
AWSStaticCredentialsProvider (com.amazonaws.auth.AWSStaticCredentialsProvider)1
BasicSessionCredentials (com.amazonaws.auth.BasicSessionCredentials)1
ProfileCredentialsProvider (com.amazonaws.auth.profile.ProfileCredentialsProvider)1
Regions (com.amazonaws.regions.Regions)1
AmazonS3 (com.amazonaws.services.s3.AmazonS3)1
ObjectListing (com.amazonaws.services.s3.model.ObjectListing)1
AWSSecurityTokenService (com.amazonaws.services.securitytoken.AWSSecurityTokenService)1
Credentials (com.amazonaws.services.securitytoken.model.Credentials)1
GetFederationTokenRequest (com.amazonaws.services.securitytoken.model.GetFederationTokenRequest)1
GetFederationTokenResult (com.amazonaws.services.securitytoken.model.GetFederationTokenResult)1
CreateQueueRequest (com.amazonaws.services.sqs.model.CreateQueueRequest)1
CreateQueueResult (com.amazonaws.services.sqs.model.CreateQueueResult)1
GetQueueAttributesRequest (com.amazonaws.services.sqs.model.GetQueueAttributesRequest)1
GetQueueAttributesResult (com.amazonaws.services.sqs.model.GetQueueAttributesResult)1
SetQueueAttributesRequest (com.amazonaws.services.sqs.model.SetQueueAttributesRequest)1
