Interface | Description |
---|---|
Action | An access control policy action identifies a specific action in a service that can be performed on a resource. |

Class | Description |
---|---|
Condition | AWS access control policy conditions are contained in Statement objects, and affect when a statement is applied. |
Policy | An AWS access control policy is an object that acts as a container for one or more statements, which specify fine-grained rules for allowing or denying various types of actions on your AWS resources. |
Principal | A principal is an AWS account or AWS web service that is being allowed or denied access to a resource through an access control policy. |
Resource | Represents a resource involved in an AWS access control policy statement. |
Statement | A statement is the formal description of a single permission, and is always contained within a policy object. |

Enum | Description |
---|---|
Principal.Services | The services that have the right to perform the assume-role action. |
Principal.WebIdentityProviders | Web identity providers, such as Login with Amazon, Facebook, or Google. |
Statement.Effect | The effect is the result that you want a policy statement to return at evaluation time. |
STSActions | Deprecated in favor of SecurityTokenServiceActions |

Access control policies are a collection of statements. Each statement takes the form: "A has permission to do B to C where D applies".
The following code creates a policy to allow a specific AWS account to send and receive messages using one of your Amazon SQS queues:
```java
Policy policy = new Policy("MyQueuePolicy");
policy.withStatements(new Statement(Effect.Allow)
    .withPrincipals(new Principal("123456789012"))
    .withActions(SQSActions.SendMessage, SQSActions.ReceiveMessage)
    .withResources(new SQSQueueResource("987654321000", "queue2")));
```
Once you've created a policy, you need to use methods on the service to upload your policy to AWS.
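The statement form above also has a "where D applies" part, which the SQS example leaves out. The following added example (not part of the original documentation) attaches a condition to a statement and checks the policy for an unconditioned public grant before it is serialized for upload. The class name, the helper `hasUnconditionalPublicAllow`, the queue ARN and the 192.0.2.0/24 range are constructed for illustration, and the AWS SDK for Java 1.x is assumed to be on the classpath.

```java
import com.amazonaws.auth.policy.Policy;
import com.amazonaws.auth.policy.Principal;
import com.amazonaws.auth.policy.Resource;
import com.amazonaws.auth.policy.Statement;
import com.amazonaws.auth.policy.Statement.Effect;
import com.amazonaws.auth.policy.actions.SQSActions;
import com.amazonaws.auth.policy.conditions.IpAddressCondition;

public class ConditionedQueuePolicy {

    // Constructed placeholder ARN; substitute the ARN of your own queue.
    static final String QUEUE_ARN = "arn:aws:sqs:us-east-1:987654321000:queue2";

    /** A = anyone, B = SendMessage, C = the queue, D = caller IP in 192.0.2.0/24. */
    static Policy buildPolicy() {
        return new Policy("MyQueuePolicy").withStatements(
            new Statement(Effect.Allow)
                .withId("AllowSendFromOfficeRange")
                .withPrincipals(Principal.AllUsers)
                .withActions(SQSActions.SendMessage)
                .withResources(new Resource(QUEUE_ARN))
                .withConditions(new IpAddressCondition("192.0.2.0/24")));
    }

    /**
     * True if any Allow statement names a wildcard principal with no condition.
     * This only checks that a condition is present, not how restrictive it is.
     */
    static boolean hasUnconditionalPublicAllow(Policy policy) {
        for (Statement s : policy.getStatements()) {
            if (s.getEffect() != Effect.Allow) continue;
            boolean unconditioned = s.getConditions() == null || s.getConditions().isEmpty();
            for (Principal p : s.getPrincipals()) {
                if ("*".equals(p.getId()) && unconditioned) return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        Policy policy = buildPolicy();
        // Refuse to hand an open policy to the service-specific upload call.
        if (hasUnconditionalPublicAllow(policy)) {
            throw new IllegalStateException("public Allow without a condition");
        }
        // toJson() yields the policy document text that the upload call takes.
        System.out.println(policy.toJson());
    }
}
```

Nothing here contacts AWS; the printed JSON is what you would pass to the service's own method for setting a resource policy.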
Copyright © 2018 Amazon Web Services, Inc. All Rights Reserved.