use of com.amazonaws.auth.policy.Statement in project glacier-cli by carlossg.
the class Glacier method setupSQS.
// ==============
// Helper methods
// ==============
private QueueConfig setupSQS(String sqsQueueName) {
QueueConfig config = new QueueConfig();
CreateQueueRequest request = new CreateQueueRequest().withQueueName(sqsQueueName);
CreateQueueResult result = sqsClient.createQueue(request);
config.sqsQueueURL = result.getQueueUrl();
GetQueueAttributesRequest qRequest = new GetQueueAttributesRequest().withQueueUrl(config.sqsQueueURL).withAttributeNames("QueueArn");
GetQueueAttributesResult qResult = sqsClient.getQueueAttributes(qRequest);
config.sqsQueueARN = qResult.getAttributes().get("QueueArn");
Policy sqsPolicy = new Policy().withStatements(new Statement(Effect.Allow).withPrincipals(Principal.AllUsers).withActions(SQSActions.SendMessage).withResources(new Resource(config.sqsQueueARN)));
Map<String, String> queueAttributes = new HashMap<String, String>();
queueAttributes.put("Policy", sqsPolicy.toJson());
sqsClient.setQueueAttributes(new SetQueueAttributesRequest(config.sqsQueueURL, queueAttributes));
return config;
}
use of com.amazonaws.auth.policy.Statement in project herd by FINRAOS.
the class AwsPolicyBuilder method withKms.
/**
* Adds a permission to allow the specified actions to the given KMS key id.
*
* @param kmsKeyId Full ARN to the kms key
* @param actions List of actions
*
* @return This builder
*/
@SuppressWarnings("PMD.CloseResource")
public AwsPolicyBuilder withKms(String kmsKeyId, KmsActions... actions) {
Statement statement = new Statement(Effect.Allow);
statement.setActions(Arrays.asList(actions));
statement.setResources(Arrays.asList(new Resource(kmsKeyId)));
policy.getStatements().add(statement);
return this;
}
use of com.amazonaws.auth.policy.Statement in project herd by FINRAOS.
the class AwsPolicyBuilder method withS3.
/**
* Adds a permission to allow the specified actions to the given bucket and s3 object key. The permission will allow the given actions only to the specified
* object key. If object key is null, the permission is applied to the bucket itself.
*
* @param bucketName S3 bucket name
* @param objectKey S3 object key
* @param actions List of actions to allow
*
* @return This builder
*/
@SuppressWarnings("PMD.CloseResource")
public AwsPolicyBuilder withS3(String bucketName, String objectKey, S3Actions... actions) {
Statement statement = new Statement(Effect.Allow);
statement.setActions(Arrays.asList(actions));
String resource = "arn:aws:s3:::" + bucketName;
if (objectKey != null) {
resource += "/" + objectKey;
}
statement.setResources(Arrays.asList(new Resource(resource)));
policy.getStatements().add(statement);
return this;
}
use of com.amazonaws.auth.policy.Statement in project aws-doc-sdk-examples by awsdocs.
the class MakingRequestsWithFederatedTempCredentials method main.
public static void main(String[] args) throws IOException {
Regions clientRegion = Regions.DEFAULT_REGION;
String bucketName = "*** Specify bucket name ***";
String federatedUser = "*** Federated user name ***";
String resourceARN = "arn:aws:s3:::" + bucketName;
try {
AWSSecurityTokenService stsClient = AWSSecurityTokenServiceClientBuilder.standard().withCredentials(new ProfileCredentialsProvider()).withRegion(clientRegion).build();
GetFederationTokenRequest getFederationTokenRequest = new GetFederationTokenRequest();
getFederationTokenRequest.setDurationSeconds(7200);
getFederationTokenRequest.setName(federatedUser);
// Define the policy and add it to the request.
Policy policy = new Policy();
policy.withStatements(new Statement(Effect.Allow).withActions(S3Actions.ListObjects).withResources(new Resource(resourceARN)));
getFederationTokenRequest.setPolicy(policy.toJson());
// Get the temporary security credentials.
GetFederationTokenResult federationTokenResult = stsClient.getFederationToken(getFederationTokenRequest);
Credentials sessionCredentials = federationTokenResult.getCredentials();
// Package the session credentials as a BasicSessionCredentials
// object for an Amazon S3 client object to use.
BasicSessionCredentials basicSessionCredentials = new BasicSessionCredentials(sessionCredentials.getAccessKeyId(), sessionCredentials.getSecretAccessKey(), sessionCredentials.getSessionToken());
AmazonS3 s3Client = AmazonS3ClientBuilder.standard().withCredentials(new AWSStaticCredentialsProvider(basicSessionCredentials)).withRegion(clientRegion).build();
// To verify that the client works, send a listObjects request using
// the temporary security credentials.
ObjectListing objects = s3Client.listObjects(bucketName);
System.out.println("No. of Objects = " + objects.getObjectSummaries().size());
} catch (AmazonServiceException e) {
// The call was transmitted successfully, but Amazon S3 couldn't process
// it, so it returned an error response.
e.printStackTrace();
} catch (SdkClientException e) {
// Amazon S3 couldn't be contacted for a response, or the client
// couldn't parse the response from Amazon S3.
e.printStackTrace();
}
}
Aggregations