List of usage examples for com.amazonaws.auth.policy Condition Condition
Condition
From source file:com.clicktravel.infrastructure.messaging.aws.sns.DefaultSnsTopicResourceFactory.java
License:Apache License
/**
 * Builds the access policy attached to the given SNS topic.
 *
 * <p>The policy holds two Allow statements, both for {@code Principal.AllUsers}:
 * <ul>
 *   <li>{@code sns:Receive} on the topic ARN, conditioned on {@code AWS:SourceOwner} being equal to the
 *       second-to-last colon-separated field of the topic ARN;</li>
 *   <li>{@code SNSActions.Subscribe}, with no resource and no condition set on the statement.</li>
 * </ul>
 *
 * <p>NOTE(review): unlike the receive statement, the subscribe statement carries no owner condition, so
 * as written it is not limited to the topic owner's account. Confirm that open subscription is intended;
 * if it is not, scope the statement by principal or by a condition that is evaluated for Subscribe calls.
 *
 * @param snsTopicResource topic whose ARN supplies both the statement resource and the owner value
 * @return the policy containing the receive and subscribe statements
 */
private Policy allowAllQueuesPolicy(final SnsTopicResource snsTopicResource) {
    final String arn = snsTopicResource.getTopicArn();

    // Owner value = penultimate ':'-separated field of the ARN
    // (presumably the account id; confirm against the ARN format in use).
    final String[] arnFields = arn.split(":");
    final int ownerIndex = arnFields.length - 2;
    final String owner = arnFields[ownerIndex];

    // Custom action carrying the literal action name used by the receive statement.
    final Action receive = new Action() {
        @Override
        public String getActionName() {
            return "sns:Receive";
        }
    };

    final Condition ownedBySameAccount = new Condition()
            .withType("StringEquals")
            .withConditionKey("AWS:SourceOwner")
            .withValues(owner);

    final Statement receiveStatement = new Statement(Effect.Allow)
            .withPrincipals(Principal.AllUsers)
            .withActions(receive)
            .withResources(new Resource(arn))
            .withConditions(ownedBySameAccount);

    // No resource or condition is attached here; see the review note in the Javadoc.
    final Statement subscribeStatement = new Statement(Effect.Allow)
            .withPrincipals(Principal.AllUsers)
            .withActions(SNSActions.Subscribe);

    return new Policy().withStatements(receiveStatement, subscribeStatement);
}
From source file:com.netflix.spinnaker.clouddriver.aws.lifecycle.InstanceTerminationLifecycleAgent.java
License:Apache License
/**
 * Builds the SQS queue policy that lets a single SNS topic send messages to the queue.
 *
 * <p>The one statement allows {@code SQSActions.SendMessage} on the queue ARN for {@code Principal.All}.
 * The {@code ArnEquals} condition on {@code aws:SourceArn} is therefore the only thing that narrows the
 * grant to the given topic; removing or loosening it would leave the statement open to every principal.
 *
 * @param queue queue whose {@code arn} is used as the statement resource
 * @param topic topic whose {@code arn} is the required {@code aws:SourceArn}
 * @return policy with id {@code allow-sns-topic-send} holding that statement
 */
private static Policy buildSQSPolicy(ARN queue, ARN topic) {
    // The wildcard principal below is bounded only by this source-ARN match.
    Condition sentByTopic = new Condition()
            .withType("ArnEquals")
            .withConditionKey("aws:SourceArn")
            .withValues(topic.arn);
    Resource targetQueue = new Resource(queue.arn);

    Statement allowSend = new Statement(Statement.Effect.Allow).withActions(SQSActions.SendMessage);
    allowSend.setPrincipals(Principal.All);
    allowSend.setResources(Collections.singletonList(targetQueue));
    allowSend.setConditions(Collections.singletonList(sentByTopic));

    return new Policy("allow-sns-topic-send", Collections.singletonList(allowSend));
}
From source file:com.netflix.spinnaker.clouddriver.aws.lifecycle.InstanceTerminationLifecycleWorker.java
License:Apache License
/** * This policy allows operators to choose whether or not to have lifecycle hooks to be sent via SNS for fanout, or * be sent directly to an SQS queue from the autoscaling group. *///from w w w . j a v a 2 s . c o m private static Policy buildSQSPolicy(ARN queue, ARN topic, Set<String> terminatingRoleArns) { Statement snsStatement = new Statement(Effect.Allow).withActions(SQSActions.SendMessage); snsStatement.setPrincipals(Principal.All); snsStatement.setResources(Collections.singletonList(new Resource(queue.arn))); snsStatement.setConditions(Collections.singletonList( new Condition().withType("ArnEquals").withConditionKey("aws:SourceArn").withValues(topic.arn))); Statement sqsStatement = new Statement(Effect.Allow).withActions(SQSActions.SendMessage, SQSActions.GetQueueUrl); sqsStatement.setPrincipals(terminatingRoleArns.stream().map(Principal::new).collect(Collectors.toList())); sqsStatement.setResources(Collections.singletonList(new Resource(queue.arn))); return new Policy("allow-sns-or-sqs-send", Arrays.asList(snsStatement, sqsStatement)); }
From source file:com.netflix.spinnaker.echo.pubsub.amazon.SQSSubscriber.java
License:Apache License
/**
 * Builds a queue policy that accepts pubsub messages either via SNS fanout or sent directly to the
 * SQS queue, so operators can choose either delivery path.
 *
 * <p>Two Allow statements are produced, both for {@code Principal.All} on the queue ARN:
 * <ul>
 *   <li>{@code SendMessage}, restricted by an {@code ArnEquals} condition on {@code aws:SourceArn} to the
 *       given topic;</li>
 *   <li>{@code SendMessage} and {@code GetQueueUrl}, with no condition.</li>
 * </ul>
 *
 * <p>NOTE(review): the second statement has a wildcard principal and no condition, so as written it does
 * not limit who may send to the queue, and the source-ARN restriction of the first statement is not the
 * effective bound on {@code SendMessage}. Confirm this is intended; if direct senders are known, list
 * them as explicit principals or add a condition to this statement.
 *
 * @param queue queue whose ARN is the resource of both statements
 * @param topic topic whose ARN is the required {@code aws:SourceArn} of the SNS statement
 * @return policy with id {@code allow-sns-or-sqs-send} holding both statements
 */
private static Policy buildSQSPolicy(ARN queue, ARN topic) {
    // SNS fanout: wildcard principal, narrowed by the source-ARN condition.
    Statement snsStatement = new Statement(Statement.Effect.Allow).withActions(SQSActions.SendMessage);
    snsStatement.setPrincipals(Principal.All);
    snsStatement.setResources(Collections.singletonList(new Resource(queue.getArn())));
    Condition sentByTopic = new Condition()
            .withType("ArnEquals")
            .withConditionKey("aws:SourceArn")
            .withValues(topic.getArn());
    snsStatement.setConditions(Collections.singletonList(sentByTopic));

    // Direct send: wildcard principal and no condition; see the review note in the Javadoc.
    Statement sqsStatement = new Statement(Statement.Effect.Allow)
            .withActions(SQSActions.SendMessage, SQSActions.GetQueueUrl);
    sqsStatement.setPrincipals(Principal.All);
    sqsStatement.setResources(Collections.singletonList(new Resource(queue.getArn())));

    return new Policy("allow-sns-or-sqs-send", Arrays.asList(snsStatement, sqsStatement));
}
From source file:com.netflix.spinnaker.front50.model.TemporarySQSQueue.java
License:Apache License
/**
 * Creates a short-retention SQS queue, subscribes it to the given SNS topic and attaches a queue policy
 * that lets that topic send messages to it.
 *
 * <p>The attached policy has one Allow statement: {@code SendMessage} on the queue ARN for
 * {@code Principal.All}, restricted by an {@code ArnEquals} condition on {@code aws:SourceArn} to
 * {@code snsTopicArn}. That condition is the only thing narrowing the wildcard principal.
 *
 * <p>NOTE(review): the subscription is created before the policy is set, and nothing here deletes the
 * queue or the subscription if a later call throws. Confirm that the caller cleans up on failure.
 *
 * @param snsTopicArn ARN of the topic to subscribe to and to allow as message source
 * @param sqsQueueArn ARN of the queue, used as subscription endpoint and policy resource
 * @param sqsQueueName name under which the queue is created
 * @return handle bundling the topic ARN, queue ARN, queue URL and subscription ARN
 */
private TemporaryQueue createQueue(String snsTopicArn, String sqsQueueArn, String sqsQueueName) {
    CreateQueueRequest createRequest = new CreateQueueRequest()
            .withQueueName(sqsQueueName)
            // 60s message retention
            .withAttributes(Collections.singletonMap("MessageRetentionPeriod", "60"));
    String sqsQueueUrl = amazonSQS.createQueue(createRequest).getQueueUrl();
    log.info("Created Temporary S3 Notification Queue: {}", value("queue", sqsQueueUrl));

    String snsTopicSubscriptionArn = amazonSNS.subscribe(snsTopicArn, "sqs", sqsQueueArn).getSubscriptionArn();

    // Wildcard principal, bounded only by the requirement that the sender is the subscribed topic.
    Condition sentByTopic = new Condition()
            .withType("ArnEquals")
            .withConditionKey("aws:SourceArn")
            .withValues(snsTopicArn);
    Statement snsStatement = new Statement(Statement.Effect.Allow).withActions(SQSActions.SendMessage);
    snsStatement.setPrincipals(Principal.All);
    snsStatement.setResources(Collections.singletonList(new Resource(sqsQueueArn)));
    snsStatement.setConditions(Collections.singletonList(sentByTopic));
    Policy allowSnsPolicy = new Policy("allow-sns", Collections.singletonList(snsStatement));

    HashMap<String, String> queueAttributes = new HashMap<>();
    queueAttributes.put("Policy", allowSnsPolicy.toJson());
    amazonSQS.setQueueAttributes(sqsQueueUrl, queueAttributes);

    return new TemporaryQueue(snsTopicArn, sqsQueueArn, sqsQueueUrl, snsTopicSubscriptionArn);
}
From source file:com.netflix.spinnaker.kork.aws.pubsub.PubSubUtils.java
License:Apache License
/** * This policy allows messages to be sent from an SNS topic. *///w w w . j a v a2 s. c o m public static Policy buildSQSPolicy(ARN queue, ARN topic) { Statement snsStatement = new Statement(Statement.Effect.Allow).withActions(SQSActions.SendMessage); snsStatement.setPrincipals(Principal.All); snsStatement.setResources(Collections.singletonList(new Resource(queue.getArn()))); snsStatement.setConditions(Collections.singletonList(new Condition().withType("ArnEquals") .withConditionKey("aws:SourceArn").withValues(topic.getArn()))); return new Policy("allow-sns-send", Collections.singletonList(snsStatement)); }