
Example 1 with Statement

use of com.amazonaws.auth.policy.Statement in project glacier-cli by carlossg.

the class Glacier method setupSQS.

// ==============
// Helper methods
// ==============
/**
 * Sets up the SQS queue named {@code sqsQueueName} and returns its URL and ARN.
 *
 * <p>Calls {@code createQueue}, reads back the {@code QueueArn} attribute, then sets the queue's
 * {@code Policy} attribute to a single Allow statement for {@code SQSActions.SendMessage} on that ARN.
 *
 * <p>NOTE(review): the statement's principal is {@code Principal.AllUsers} and it carries no
 * condition, so as written the queue accepts messages from any sender rather than only from the
 * notification source it is presumably meant for. Narrowing it requires the publisher's ARN
 * (for an SNS topic, a source-ARN condition such as {@code ConditionFactory.newSourceArnCondition}),
 * which this method does not receive. Until the policy is scoped, consumers of this queue should
 * treat message contents as untrusted input.
 *
 * @param sqsQueueName name passed to {@code createQueue}
 * @return a {@code QueueConfig} with {@code sqsQueueURL} and {@code sqsQueueARN} filled in
 */
private QueueConfig setupSQS(String sqsQueueName) {
    QueueConfig queueConfig = new QueueConfig();

    // Create the queue and remember its URL; every later call addresses the queue by URL.
    CreateQueueResult created = sqsClient.createQueue(new CreateQueueRequest().withQueueName(sqsQueueName));
    queueConfig.sqsQueueURL = created.getQueueUrl();

    // The policy resource must be the queue ARN, which is only exposed as a queue attribute.
    GetQueueAttributesRequest arnLookup = new GetQueueAttributesRequest()
            .withQueueUrl(queueConfig.sqsQueueURL)
            .withAttributeNames("QueueArn");
    queueConfig.sqsQueueARN = sqsClient.getQueueAttributes(arnLookup).getAttributes().get("QueueArn");

    // Allow + AllUsers + no condition: see the NOTE(review) in the method comment.
    Statement allowSend = new Statement(Effect.Allow)
            .withPrincipals(Principal.AllUsers)
            .withActions(SQSActions.SendMessage)
            .withResources(new Resource(queueConfig.sqsQueueARN));
    Policy queuePolicy = new Policy().withStatements(allowSend);

    Map<String, String> attributesToSet = new HashMap<String, String>();
    attributesToSet.put("Policy", queuePolicy.toJson());
    sqsClient.setQueueAttributes(new SetQueueAttributesRequest(queueConfig.sqsQueueURL, attributesToSet));
    return queueConfig;
}
Also used : Policy(com.amazonaws.auth.policy.Policy) GetQueueAttributesResult(com.amazonaws.services.sqs.model.GetQueueAttributesResult) GetQueueAttributesRequest(com.amazonaws.services.sqs.model.GetQueueAttributesRequest) HashMap(java.util.HashMap) Statement(com.amazonaws.auth.policy.Statement) CreateQueueRequest(com.amazonaws.services.sqs.model.CreateQueueRequest) Resource(com.amazonaws.auth.policy.Resource) CreateQueueResult(com.amazonaws.services.sqs.model.CreateQueueResult) SetQueueAttributesRequest(com.amazonaws.services.sqs.model.SetQueueAttributesRequest)

Example 2 with Statement

use of com.amazonaws.auth.policy.Statement in project herd by FINRAOS.

the class AwsPolicyBuilder method withKms.

/**
 * Adds a permission to allow the specified actions to the given KMS key id.
 *
 * @param kmsKeyId Full ARN to the kms key
 * @param actions List of actions
 *
 * @return This builder
 */
@SuppressWarnings("PMD.CloseResource")
public AwsPolicyBuilder withKms(String kmsKeyId, KmsActions... actions) {
    // One Allow statement per call: the given actions on exactly the given resource string.
    // NOTE(review): kmsKeyId is used verbatim as the statement resource and is not validated
    // here, so a wildcard or partial ARN would widen the grant beyond a single key. Callers
    // should pass the full key ARN, as the parameter documentation asks.
    Statement kmsStatement = new Statement(Effect.Allow)
            .withActions(actions)
            .withResources(new Resource(kmsKeyId));

    // Append to the policy under construction; earlier statements are left untouched.
    policy.getStatements().add(kmsStatement);
    return this;
}
Also used : Statement(com.amazonaws.auth.policy.Statement) Resource(com.amazonaws.auth.policy.Resource)

Example 3 with Statement

use of com.amazonaws.auth.policy.Statement in project herd by FINRAOS.

the class AwsPolicyBuilder method withS3.

/**
 * Adds a permission to allow the specified actions to the given bucket and s3 object key. The permission will allow the given actions only to the specified
 * object key. If object key is null, the permission is applied to the bucket itself.
 *
 * @param bucketName S3 bucket name
 * @param objectKey S3 object key
 * @param actions List of actions to allow
 *
 * @return This builder
 */
@SuppressWarnings("PMD.CloseResource")
public AwsPolicyBuilder withS3(String bucketName, String objectKey, S3Actions... actions) {
    // A null key targets the bucket ARN itself; otherwise the key is appended after a slash.
    // NOTE(review): bucketName and objectKey are concatenated into the ARN without validation.
    // IAM treats '*' and '?' in a resource as wildcards, so a key containing them matches more
    // than one object. If either value can come from an untrusted caller, validate it before
    // calling this method; otherwise the statement may grant more than intended.
    String resourceArn = (objectKey == null)
            ? "arn:aws:s3:::" + bucketName
            : "arn:aws:s3:::" + bucketName + "/" + objectKey;

    Statement s3Statement = new Statement(Effect.Allow)
            .withActions(actions)
            .withResources(new Resource(resourceArn));

    // Append to the policy under construction; earlier statements are left untouched.
    policy.getStatements().add(s3Statement);
    return this;
}
Also used : Statement(com.amazonaws.auth.policy.Statement) Resource(com.amazonaws.auth.policy.Resource)

Example 4 with Statement

use of com.amazonaws.auth.policy.Statement in project aws-doc-sdk-examples by awsdocs.

the class MakingRequestsWithFederatedTempCredentials method main.

/**
 * Requests temporary credentials for a federated user from STS, restricted by an inline session
 * policy, and uses them to list the objects in one S3 bucket.
 *
 * <p>The session policy passed with the request allows only {@code S3Actions.ListObjects} on the
 * bucket ARN. The federated user's effective permissions are the intersection of that policy and
 * the permissions of the identity making the call, so the inline policy can narrow access but
 * never widen it.
 *
 * <p>The returned access key, secret key and session token are held in memory only and are not
 * printed. Errors from either service are reported with a stack trace on standard error.
 *
 * @param args unused
 * @throws IOException declared by the sample; nothing in the visible body throws it
 */
public static void main(String[] args) throws IOException {
    Regions clientRegion = Regions.DEFAULT_REGION;
    String bucketName = "*** Specify bucket name ***";
    String federatedUser = "*** Federated user name ***";
    String resourceARN = "arn:aws:s3:::" + bucketName;

    try {
        // The STS client authenticates with the credentials from the local profile file.
        AWSSecurityTokenService sts = AWSSecurityTokenServiceClientBuilder.standard()
                .withCredentials(new ProfileCredentialsProvider())
                .withRegion(clientRegion)
                .build();

        // Session policy: the only thing the temporary credentials may do is list this bucket.
        Statement listOnly = new Statement(Effect.Allow)
                .withActions(S3Actions.ListObjects)
                .withResources(new Resource(resourceARN));
        Policy sessionPolicy = new Policy().withStatements(listOnly);

        // Ask for credentials that expire after 7200 seconds (two hours).
        GetFederationTokenRequest tokenRequest = new GetFederationTokenRequest();
        tokenRequest.setDurationSeconds(7200);
        tokenRequest.setName(federatedUser);
        tokenRequest.setPolicy(sessionPolicy.toJson());

        GetFederationTokenResult tokenResult = sts.getFederationToken(tokenRequest);
        Credentials temporary = tokenResult.getCredentials();

        // Wrap the three credential parts so the S3 client signs requests with them.
        // They are secrets for the lifetime of the session: keep them out of logs and output.
        BasicSessionCredentials sessionCredentials = new BasicSessionCredentials(
                temporary.getAccessKeyId(),
                temporary.getSecretAccessKey(),
                temporary.getSessionToken());
        AmazonS3 s3 = AmazonS3ClientBuilder.standard()
                .withCredentials(new AWSStaticCredentialsProvider(sessionCredentials))
                .withRegion(clientRegion)
                .build();

        // Prove the temporary credentials work by performing the one permitted operation.
        ObjectListing listing = s3.listObjects(bucketName);
        System.out.println("No. of Objects = " + listing.getObjectSummaries().size());
    } catch (AmazonServiceException e) {
        // The request reached the service, which answered with an error response.
        e.printStackTrace();
    } catch (SdkClientException e) {
        // The service could not be reached, or its response could not be parsed.
        e.printStackTrace();
    }
}
Also used : Policy(com.amazonaws.auth.policy.Policy) AmazonS3(com.amazonaws.services.s3.AmazonS3) BasicSessionCredentials(com.amazonaws.auth.BasicSessionCredentials) Statement(com.amazonaws.auth.policy.Statement) GetFederationTokenRequest(com.amazonaws.services.securitytoken.model.GetFederationTokenRequest) Resource(com.amazonaws.auth.policy.Resource) ObjectListing(com.amazonaws.services.s3.model.ObjectListing) Regions(com.amazonaws.regions.Regions) AWSStaticCredentialsProvider(com.amazonaws.auth.AWSStaticCredentialsProvider) SdkClientException(com.amazonaws.SdkClientException) GetFederationTokenResult(com.amazonaws.services.securitytoken.model.GetFederationTokenResult) AmazonServiceException(com.amazonaws.AmazonServiceException) ProfileCredentialsProvider(com.amazonaws.auth.profile.ProfileCredentialsProvider) AWSSecurityTokenService(com.amazonaws.services.securitytoken.AWSSecurityTokenService) BasicSessionCredentials(com.amazonaws.auth.BasicSessionCredentials) Credentials(com.amazonaws.services.securitytoken.model.Credentials)

Aggregations

Resource (com.amazonaws.auth.policy.Resource)4 Statement (com.amazonaws.auth.policy.Statement)4 Policy (com.amazonaws.auth.policy.Policy)2 AmazonServiceException (com.amazonaws.AmazonServiceException)1 SdkClientException (com.amazonaws.SdkClientException)1 AWSStaticCredentialsProvider (com.amazonaws.auth.AWSStaticCredentialsProvider)1 BasicSessionCredentials (com.amazonaws.auth.BasicSessionCredentials)1 ProfileCredentialsProvider (com.amazonaws.auth.profile.ProfileCredentialsProvider)1 Regions (com.amazonaws.regions.Regions)1 AmazonS3 (com.amazonaws.services.s3.AmazonS3)1 ObjectListing (com.amazonaws.services.s3.model.ObjectListing)1 AWSSecurityTokenService (com.amazonaws.services.securitytoken.AWSSecurityTokenService)1 Credentials (com.amazonaws.services.securitytoken.model.Credentials)1 GetFederationTokenRequest (com.amazonaws.services.securitytoken.model.GetFederationTokenRequest)1 GetFederationTokenResult (com.amazonaws.services.securitytoken.model.GetFederationTokenResult)1 CreateQueueRequest (com.amazonaws.services.sqs.model.CreateQueueRequest)1 CreateQueueResult (com.amazonaws.services.sqs.model.CreateQueueResult)1 GetQueueAttributesRequest (com.amazonaws.services.sqs.model.GetQueueAttributesRequest)1 GetQueueAttributesResult (com.amazonaws.services.sqs.model.GetQueueAttributesResult)1 SetQueueAttributesRequest (com.amazonaws.services.sqs.model.SetQueueAttributesRequest)1