An access control policy action identifies a specific action in a service that can be performed on a resource.
AWS access control policy conditions are contained in
An AWS access control policy is an object that acts as a container for one or more statements, which specify fine-grained rules for allowing or denying various types of actions on your AWS resources.
A principal is an AWS account or AWS web service, which is being allowed or denied access to a resource through an access control policy.
Represents a resource involved in an AWS access control policy statement.
A statement is the formal description of a single permission, and is always contained within a policy object.
The services that have the right to perform the assume role action.
Web identity providers, such as Login with Amazon, Facebook, or Google.
The effect is the result that you want a policy statement to return at evaluation time.
in favor of
Access control policies are a collection of statements. Each statement takes the form: "A has permission to do B to C where D applies".
The following code creates a policy to allow a specific AWS account to send and receive messages using one of your Amazon SQS queues:
    Policy policy = new Policy("MyQueuePolicy");
    policy.withStatements(new Statement(Effect.Allow)
        .withPrincipals(new Principal("123456789012"))
        .withActions(SQSActions.SendMessage, SQSActions.ReceiveMessage)
        .withResources(new SQSQueueResource("987654321000", "queue2")));
Once you've created a policy, you need to use methods on the service to upload your policy to AWS.
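The "where D applies" part of a statement maps to conditions. The following is an added example, not part of the SDK documentation: it builds the same queue statement with and without a source IP condition, serializes it, and lists Allow statements that carry no condition. The class name, helper names, statement ids and the `192.0.2.0/24` range (a documentation-only CIDR) are constructed for illustration, and it assumes the AWS SDK for Java 1.x is on the classpath.

```java
import com.amazonaws.auth.policy.Policy;
import com.amazonaws.auth.policy.Principal;
import com.amazonaws.auth.policy.Statement;
import com.amazonaws.auth.policy.Statement.Effect;
import com.amazonaws.auth.policy.actions.SQSActions;
import com.amazonaws.auth.policy.conditions.IpAddressCondition;
import com.amazonaws.auth.policy.resources.SQSQueueResource;
import java.util.ArrayList;
import java.util.List;

public class QueuePolicyExample {
    // A (principal), B (actions) and C (resource), exactly as in the snippet above.
    static Statement baseStatement(String id) {
        return new Statement(Effect.Allow).withId(id)
            .withPrincipals(new Principal("123456789012"))
            .withActions(SQSActions.SendMessage, SQSActions.ReceiveMessage)
            .withResources(new SQSQueueResource("987654321000", "queue2"));
    }

    // Review helper (hypothetical): ids of Allow statements with no condition (no "D").
    static List<String> allowsWithoutCondition(Policy policy) {
        List<String> ids = new ArrayList<>();
        for (Statement s : policy.getStatements()) {
            if (s.getEffect() == Effect.Allow && s.getConditions().isEmpty()) {
                ids.add(s.getId());
            }
        }
        return ids;
    }

    public static void main(String[] args) {
        Policy open = new Policy("MyQueuePolicy")
            .withStatements(baseStatement("AsOnPage"));
        // D: only requests from the constructed address range match this statement.
        Policy scoped = new Policy("MyQueuePolicy").withStatements(
            baseStatement("FromKnownRange")
                .withConditions(new IpAddressCondition("192.0.2.0/24")));

        String json = scoped.toJson();          // the JSON document a service would store
        System.out.println(json);

        Policy parsed = Policy.fromJson(json);  // conditions survive the round trip
        System.out.println("No condition (open):   " + allowsWithoutCondition(open));
        System.out.println("No condition (scoped): " + allowsWithoutCondition(parsed));
    }
}
```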