com.amazonaws.auth.policy.package-info Maven / Gradle / Ivy
The AWS SDK for Java - Core module holds the classes that are used by the individual service clients to interact with Amazon Web Services. Users need to depend on aws-java-sdk artifact for accessing individual client classes.
/*
* Copyright 2010-2024 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License").
* You may not use this file except in compliance with the License.
* A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed
* on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
* express or implied. See the License for the specific language governing
* permissions and limitations under the License.
*/
/**
* Classes for creating custom AWS access control policies. Policies allow you to specify fine grained
* access controls on your AWS resources. You can allow or deny access to your AWS resources based on:
*
* - what resource is being accessed
* - who is accessing the resource (i.e. the principal)
* - what action is being taken on the resource
* - a variety of conditions including date restrictions, IP address restrictions, etc.
*
* Access control policies are a collection of statements.
* Each statement takes the form: "A has permission to do B to C where D applies".
*
* - A is the principal - the AWS account that is making a request to
*   access or modify one of your AWS resources.
* - B is the action - the way in which your AWS resource is being accessed or modified, such
*   as sending a message to an Amazon SQS queue, or storing an object in an Amazon S3 bucket.
* - C is the resource - your AWS entity that the principal wants to access, such
*   as an Amazon SQS queue, or an object stored in Amazon S3.
* - D is the set of conditions - optional constraints that specify when to allow or deny
*   access for the principal to access your resource. Many expressive conditions are available,
*   some specific to each service. For example you can use date conditions to allow access to
*   your resources only after or before a specific time.
*
* The following code creates a policy to allow a specific AWS account to send
* and receive messages using one of your Amazon SQS queues:
*
*     Policy policy = new Policy("MyQueuePolicy");
*     policy.withStatements(new Statement(Effect.Allow)
*             .withPrincipals(new Principal("123456789012"))
*             .withActions(SQSActions.SendMessage, SQSActions.ReceiveMessage)
*             .withResources(new SQSQueueResource("987654321000", "queue2")));
*
* Once you've created a policy, you need to use methods on the service to upload your policy to AWS.
*/
package com.amazonaws.auth.policy;
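
The Javadoc's snippet sets A, B and C but no conditions (D). The following is an added example, not part of the SDK source: it adds an IP address and a date condition to the same statement and checks the policy for unconditioned "any principal" grants before it is serialized. The class name `QueuePolicyExample`, the helper `requireScoped`, the queue ARN, the CIDR range and the expiry are assumptions made for illustration; `SQSActions` requires the SQS module of the SDK on the classpath.

```java
import com.amazonaws.auth.policy.Policy;
import com.amazonaws.auth.policy.Principal;
import com.amazonaws.auth.policy.Resource;
import com.amazonaws.auth.policy.Statement;
import com.amazonaws.auth.policy.Statement.Effect;
import com.amazonaws.auth.policy.actions.SQSActions;
import com.amazonaws.auth.policy.conditions.DateCondition;
import com.amazonaws.auth.policy.conditions.DateCondition.DateComparisonType;
import com.amazonaws.auth.policy.conditions.IpAddressCondition;
import java.util.Date;

public class QueuePolicyExample {

    /** Hypothetical helper: rejects Allow statements open to "*" with no condition attached. */
    static void requireScoped(Policy policy) {
        for (Statement s : policy.getStatements()) {
            if (s.getEffect() != Effect.Allow) continue;
            boolean anyone = false;
            for (Principal p : s.getPrincipals()) {
                if ("*".equals(p.getId())) anyone = true;
            }
            if (anyone && s.getConditions().isEmpty()) {
                throw new IllegalStateException(
                        "Unconditioned Allow for any principal in statement " + s.getId());
            }
        }
    }

    public static void main(String[] args) {
        // Constructed sample values: documentation CIDR range, 24-hour expiry, example ARN.
        String queueArn = "arn:aws:sqs:us-east-1:987654321000:queue2";
        Date expiry = new Date(System.currentTimeMillis() + 24L * 60 * 60 * 1000);

        Policy policy = new Policy("MyQueuePolicy").withStatements(
                new Statement(Effect.Allow)
                        .withId("PartnerSendReceive")                        // statement id, for audit
                        .withPrincipals(new Principal("123456789012"))       // A: who
                        .withActions(SQSActions.SendMessage,
                                     SQSActions.ReceiveMessage)              // B: what action
                        .withResources(new Resource(queueArn))               // C: which resource
                        .withConditions(                                     // D: when it applies
                                new IpAddressCondition("192.0.2.0/24"),
                                new DateCondition(DateComparisonType.DateLessThan, expiry)));

        requireScoped(policy);               // fail before upload if a grant is too broad
        System.out.println(policy.toJson()); // JSON document to hand to the service's upload call
    }
}
```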