List of usage examples for com.amazonaws.auth.policy Policy Policy
public Policy()
From source file:aws.example.s3.SetBucketPolicy.java
License:Open Source License
/**
 * Builds a bucket policy that grants anonymous (public) read access to every object in
 * {@code bucket_name}, as the method name states.
 *
 * <p>The single statement uses {@code Principal.AllUsers} with no condition, so it applies to
 * unauthenticated requests as well; attach it only to buckets that are meant to be public.
 *
 * @param bucket_name name of the bucket whose objects become publicly readable
 * @return the policy serialized as a JSON string
 */
public static String getPublicReadPolicy(String bucket_name) {
    // Object-level ARN: the trailing "/*" covers every key in the bucket.
    Resource allObjects = new Resource("arn:aws:s3:::" + bucket_name + "/*");
    Statement publicRead = new Statement(Statement.Effect.Allow)
            .withPrincipals(Principal.AllUsers)
            .withActions(S3Actions.GetObject)
            .withResources(allObjects);
    Policy bucketPolicy = new Policy().withStatements(publicRead);
    return bucketPolicy.toJson();
}
From source file:com.clicktravel.infrastructure.messaging.aws.sns.DefaultSnsTopicResourceFactory.java
License:Apache License
/**
 * Builds the access policy applied to a newly created SNS topic.
 *
 * <p>Two statements are produced, both with principal {@code Principal.AllUsers}:
 * <ul>
 *   <li>{@code sns:Receive} on the topic ARN, restricted by an {@code AWS:SourceOwner}
 *       condition to the account id taken from the topic ARN (second-to-last ':' field);</li>
 *   <li>{@code sns:Subscribe} with no resource and no condition.</li>
 * </ul>
 * NOTE(review): the subscribe statement carries neither a resource nor a condition, so as
 * written it is open to every principal; confirm that this is intended.
 *
 * @param snsTopicResource the topic whose ARN the receive statement is scoped to
 * @return the assembled policy (not yet serialized)
 */
private Policy allowAllQueuesPolicy(final SnsTopicResource snsTopicResource) {
    final String topicArn = snsTopicResource.getTopicArn();
    // ARN fields are ':'-separated; the owning account sits just before the topic name.
    // Assumes a well-formed ARN with at least two fields; a shorter string throws here.
    final String[] arnFields = topicArn.split(":");
    final String ownerAccount = arnFields[arnFields.length - 2];

    final Condition sameOwner = new Condition()
            .withType("StringEquals")
            .withConditionKey("AWS:SourceOwner")
            .withValues(ownerAccount);

    // sns:Receive is spelled out as an ad-hoc Action rather than an SNSActions constant.
    final Action receive = new Action() {
        @Override
        public String getActionName() {
            return "sns:Receive";
        }
    };

    final Statement receiveStatement = new Statement(Effect.Allow)
            .withPrincipals(Principal.AllUsers)
            .withActions(receive)
            .withResources(new Resource(topicArn))
            .withConditions(sameOwner);
    final Statement subscribeStatement = new Statement(Effect.Allow)
            .withPrincipals(Principal.AllUsers)
            .withActions(SNSActions.Subscribe);

    return new Policy().withStatements(receiveStatement, subscribeStatement);
}
From source file:com.clicktravel.infrastructure.messaging.aws.sqs.DefaultSqsQueueResourceFactory.java
License:Apache License
/**
 * Builds a queue policy with one statement per topic in {@code snsTopics}, each produced by
 * {@code acceptMessagesFromTopicStatement}.
 *
 * @param sqsQueueResource the queue the policy is attached to
 * @param snsTopics        topics allowed to deliver to the queue; may be empty, in which case the
 *                         returned policy has no statements
 * @return the assembled policy (not yet serialized)
 */
private Policy acceptMessagesFromTopicsPolicy(final SqsQueueResource sqsQueueResource,
        final SnsTopicResource... snsTopics) {
    final Collection<Statement> statements = new ArrayList<>(snsTopics.length);
    for (final SnsTopicResource topic : snsTopics) {
        statements.add(acceptMessagesFromTopicStatement(sqsQueueResource, topic));
    }
    final Policy policy = new Policy();
    policy.setStatements(statements);
    return policy;
}
From source file:com.connexience.server.model.archive.glacier.SetupUtils.java
License:Open Source License
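/**
 * Creates the SQS queue that Glacier notifications for {@code vaultName} are delivered to,
 * attaches a queue policy allowing {@code sqs:SendMessage}, and returns the queue's ARN and URL.
 *
 * <p>Every failure path is logged and yields {@code null}; nothing is thrown to the caller.
 * The SQS client is shut down in a {@code finally} block, so its connection pool is released
 * even when an exception cuts the setup short.
 *
 * <p>NOTE(review): the attached policy grants {@code SendMessage} to {@code Principal.AllUsers}
 * with no condition, so any principal can enqueue messages; consider adding a source condition
 * for the service that is expected to publish to this queue.
 *
 * @param accessKey  AWS access key id
 * @param secretKey  AWS secret key
 * @param domainName inserted into the endpoint as {@code https://sqs.<domainName>.amazonaws.com/}
 * @param vaultName  vault name; the queue is named {@code <vaultName>-inkspot_glacier-queue}
 * @return the queue's ARN and URL, or {@code null} if any step failed
 */
public static SQSInfo setupSQS(String accessKey, String secretKey, String domainName, String vaultName) {
    SQSInfo sqsInfo = null;
    AmazonSQSClient amazonSQSClient = null;
    try {
        AWSCredentials awsCredentials = new BasicAWSCredentials(accessKey, secretKey);
        amazonSQSClient = new AmazonSQSClient(awsCredentials);
        amazonSQSClient.setEndpoint("https://sqs." + domainName + ".amazonaws.com/");

        String queueName = vaultName + "-inkspot_glacier-queue";
        String queueURL = createGlacierQueue(amazonSQSClient, queueName);
        if (queueURL == null) {
            logger.warn("Unable to create queue: \"" + queueName + "\"");
        } else {
            String queueARN = lookupQueueArn(amazonSQSClient, queueURL);
            if (queueARN == null) {
                // Also covers a response that carries no QueueArn attribute: a policy built on a
                // null ARN would be meaningless, so stop here instead of applying it.
                logger.warn("Unable to get queue attributes: \"" + queueName + "\"");
            } else {
                applySendMessagePolicy(amazonSQSClient, queueURL, queueARN);
                sqsInfo = new SQSInfo(queueARN, queueURL);
            }
        }
    } catch (AmazonServiceException amazonServiceException) {
        logger.warn("AmazonServiceException: " + amazonServiceException);
        logger.debug(amazonServiceException);
    } catch (IllegalArgumentException illegalArgumentException) {
        logger.warn("IllegalArgumentException: " + illegalArgumentException);
        logger.debug(illegalArgumentException);
    } catch (AmazonClientException amazonClientException) {
        logger.warn("AmazonClientException: " + amazonClientException);
        logger.debug(amazonClientException);
    } catch (Throwable throwable) {
        // Kept as best-effort behaviour: the caller only ever sees null on failure.
        logger.warn("Throwable: " + throwable);
        logger.debug(throwable);
    } finally {
        // Previously only reached on the success path, leaking the client on any failure.
        if (amazonSQSClient != null) {
            amazonSQSClient.shutdown();
        }
    }
    return sqsInfo;
}

/** Creates the queue named {@code queueName}; returns its URL, or {@code null} when SQS returned no result. */
private static String createGlacierQueue(AmazonSQSClient client, String queueName) {
    CreateQueueRequest createQueueRequest = new CreateQueueRequest();
    createQueueRequest.withQueueName(queueName);
    CreateQueueResult createQueueResult = client.createQueue(createQueueRequest);
    return createQueueResult == null ? null : createQueueResult.getQueueUrl();
}

/** Reads the {@code QueueArn} attribute of the queue at {@code queueURL}; {@code null} if unavailable. */
private static String lookupQueueArn(AmazonSQSClient client, String queueURL) {
    GetQueueAttributesRequest getQueueAttributesRequest = new GetQueueAttributesRequest();
    getQueueAttributesRequest.withQueueUrl(queueURL);
    getQueueAttributesRequest.withAttributeNames("QueueArn");
    GetQueueAttributesResult getQueueAttributesResult = client.getQueueAttributes(getQueueAttributesRequest);
    if (getQueueAttributesResult == null || getQueueAttributesResult.getAttributes() == null) {
        return null;
    }
    return getQueueAttributesResult.getAttributes().get("QueueArn");
}

/** Sets the queue's {@code Policy} attribute to a single statement allowing {@code sqs:SendMessage} on {@code queueARN}. */
private static void applySendMessagePolicy(AmazonSQSClient client, String queueURL, String queueARN) {
    Statement sendMessage = new Statement(Effect.Allow);
    sendMessage.withPrincipals(Principal.AllUsers);
    sendMessage.withActions(SQSActions.SendMessage);
    sendMessage.withResources(new Resource(queueARN));
    Policy sqsPolicy = new Policy();
    sqsPolicy.withStatements(sendMessage);

    Map<String, String> sqsAttributes = new HashMap<>();
    sqsAttributes.put("Policy", sqsPolicy.toJson());
    SetQueueAttributesRequest setQueueAttributesRequest = new SetQueueAttributesRequest();
    setQueueAttributesRequest.withQueueUrl(queueURL);
    setQueueAttributesRequest.withAttributes(sqsAttributes);
    client.setQueueAttributes(setQueueAttributesRequest);
}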
From source file:com.leverno.ysbos.archive.example.AmazonGlacierDownloadInventoryWithSQSPolling.java
License:Open Source License
/**
 * Creates the polling queue named by the static {@code sqsQueueName}, stores its URL and ARN in
 * the static fields {@code sqsQueueURL} and {@code sqsQueueARN}, and installs a queue policy that
 * lets {@code Principal.AllUsers} call {@code sqs:SendMessage} on it.
 *
 * <p>NOTE(review): the policy has no condition narrowing who may send; presumably Glacier is the
 * intended sender, so confirm whether a source condition should be added.
 */
private static void setupSQS() {
    CreateQueueResult created = sqsClient.createQueue(
            new CreateQueueRequest().withQueueName(sqsQueueName));
    sqsQueueURL = created.getQueueUrl();

    GetQueueAttributesRequest arnLookup = new GetQueueAttributesRequest()
            .withQueueUrl(sqsQueueURL)
            .withAttributeNames("QueueArn");
    GetQueueAttributesResult arnResult = sqsClient.getQueueAttributes(arnLookup);
    sqsQueueARN = arnResult.getAttributes().get("QueueArn");

    Statement allowSend = new Statement(Effect.Allow)
            .withPrincipals(Principal.AllUsers)
            .withActions(SQSActions.SendMessage)
            .withResources(new Resource(sqsQueueARN));
    Policy sqsPolicy = new Policy().withStatements(allowSend);

    Map<String, String> queueAttributes = new HashMap<String, String>();
    queueAttributes.put("Policy", sqsPolicy.toJson());
    sqsClient.setQueueAttributes(new SetQueueAttributesRequest(sqsQueueURL, queueAttributes));
}
From source file:com.nike.cerberus.service.KmsPolicyService.java
License:Apache License
/**
 * Produces the key policy JSON for a KMS key with four Allow statements, each on resource
 * {@code "*"} (in a key policy this denotes the key the policy is attached to):
 * <ol>
 *   <li>the account root ({@code rootUserArn}) with all KMS actions;</li>
 *   <li>the admin role ({@code adminRoleArn}) with all KMS actions;</li>
 *   <li>the CMS role ({@code cmsRoleArn}) with encrypt, decrypt, re-encrypt, generate-data-key
 *       and describe-key;</li>
 *   <li>the target IAM role, built from the two parameters, with decrypt only.</li>
 * </ol>
 * All principals are AWS principals ({@code AWS_PROVIDER}); the {@code false} flag passed to
 * {@code Principal} is forwarded as-is.
 *
 * @param iamRoleAccountId account id of the role that is granted decrypt access
 * @param iamRoleName      name of that role
 * @return the policy serialized as JSON
 */
public String generateStandardKmsPolicy(final String iamRoleAccountId, final String iamRoleName) {
    final String targetRoleArn =
            String.format("arn:aws:iam::%s:role/%s", iamRoleAccountId, iamRoleName);

    final Statement rootUser = buildKmsAllowStatement(
            "Root User Has All Actions", rootUserArn, KmsActions.AllKmsActions);
    final Statement keyAdministrator = buildKmsAllowStatement(
            "Admin Role Has All Actions", adminRoleArn, KmsActions.AllKmsActions);
    final Statement instanceUsage = buildKmsAllowStatement(
            "CMS Role Key Access", cmsRoleArn,
            KmsActions.EncryptAction, KmsActions.DecryptAction, KmsActions.AllReEncryptActions,
            KmsActions.AllGenerateDataKeyActions, KmsActions.DescribeKey);
    final Statement iamRoleUsage = buildKmsAllowStatement(
            "Target IAM Role Has Decrypt Action", targetRoleArn, KmsActions.DecryptAction);

    final Policy kmsPolicy = new Policy();
    kmsPolicy.withStatements(rootUser, keyAdministrator, instanceUsage, iamRoleUsage);
    return kmsPolicy.toJson();
}

/**
 * Creates one Allow statement on resource {@code "*"} for a single AWS principal.
 *
 * @param id           statement id (Sid)
 * @param principalArn ARN of the principal being granted the actions
 * @param actions      KMS actions to allow
 * @return the populated statement
 */
private Statement buildKmsAllowStatement(final String id, final String principalArn,
        final KmsActions... actions) {
    final Statement statement = new Statement(Statement.Effect.Allow);
    statement.withId(id);
    statement.withPrincipals(new Principal(AWS_PROVIDER, principalArn, false));
    statement.withActions(actions);
    statement.withResources(new Resource("*"));
    return statement;
}
From source file:io.konig.maven.CreateAwsSnsTopicAction.java
License:Apache License
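/**
 * Creates the SNS topic described by the S3 bucket definition at {@code path} and attaches a
 * topic policy allowing that bucket to publish to it.
 *
 * <p>Nothing is done when the {@code cfTemplatePresent} system property is set to anything other
 * than {@code "N"} (CloudFormation is then expected to create the topic), or when the bucket
 * definition has no topic configured. Outcomes are reported through
 * {@code deployment.setResponse}.
 *
 * <p>The policy statement's principal is {@code Principal.AllUsers}, but an {@code ArnEquals}
 * condition on {@code aws:SourceArn} limits Publish to requests originating from the bucket's
 * ARN ({@code arn:aws:s3:*:*:<bucketName>}).
 *
 * @param path path of the S3 bucket definition, resolved via {@code deployment.file}
 * @return the deployment, with a response message set
 * @throws Exception if the definition cannot be read, credentials fail verification or an AWS
 *                   call fails; exceptions propagate unwrapped
 */
public AwsDeployment from(String path) throws Exception {
    String cfTemplatePresent = System.getProperty("cfTemplatePresent");
    if (cfTemplatePresent != null && !cfTemplatePresent.equals("N")) {
        deployment.setResponse("Topic will be created through cloud formation template");
        return deployment;
    }

    // No catch/rethrow wrapper here: the original catch (Exception e) { throw e; } only rethrew.
    File file = deployment.file(path);
    ObjectMapper mapper = new ObjectMapper();
    S3Bucket bucket = mapper.readValue(file, S3Bucket.class);
    deployment.verifyAWSCredentials();

    // Optional property; an absent value substitutes the empty string into the bucket name.
    String envtName = System.getProperty("environmentName", "");
    String bucketName = StringUtils.replaceOnce(bucket.getBucketName(), "${environmentName}", envtName);

    // A definition without a notification block is treated like one without a topic, instead of
    // failing with a NullPointerException.
    TopicConfiguration notificationConfig = bucket.getNotificationConfiguration() == null
            ? null
            : bucket.getNotificationConfiguration().getTopicConfiguration();
    if (notificationConfig == null || notificationConfig.getTopic() == null) {
        deployment.setResponse("No topic is configured to the S3 Bucket");
        return deployment;
    }

    Topic topic = notificationConfig.getTopic();
    Regions regions = Regions.fromName(topic.getRegion());
    AmazonSNS sns = AmazonSNSClientBuilder.standard()
            .withCredentials(deployment.getCredential())
            .withRegion(regions)
            .build();
    CreateTopicResult result = sns.createTopic(topic.getResourceName());
    String topicArn = result.getTopicArn();
    deployment.setResponse("Topic with ARN : " + topicArn + " is created");

    Statement allowBucketPublish = new Statement(Effect.Allow)
            .withPrincipals(Principal.AllUsers)
            .withActions(SNSActions.Publish)
            .withResources(new Resource(topicArn))
            .withConditions(new ArnCondition(ArnComparisonType.ArnEquals,
                    ConditionFactory.SOURCE_ARN_CONDITION_KEY, "arn:aws:s3:*:*:" + bucketName));
    Policy policy = new Policy().withStatements(allowBucketPublish);
    sns.setTopicAttributes(new SetTopicAttributesRequest(topicArn, "Policy", policy.toJson()));
    return deployment;
}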
From source file:io.konig.maven.CreateAwsSqsQueueAction.java
License:Apache License
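/**
 * Creates the SQS queue described by the S3 bucket definition at {@code path}, attaches a queue
 * policy allowing the configured SNS topic to send to it, and subscribes the queue to that
 * topic.
 *
 * <p>Nothing is done when the {@code cfTemplatePresent} system property is set to anything other
 * than {@code "N"} (CloudFormation is then expected to create the queue). The
 * {@code ${aws-account-id}} placeholder in the configured topic and queue ARNs is replaced with
 * the {@code aws-account-id} system property (empty string when unset). Outcomes are reported
 * through {@code deployment.setResponse}.
 *
 * <p>The policy statement's principal is {@code Principal.AllUsers}, narrowed by a source-ARN
 * condition on the topic ARN. NOTE(review): {@code Topics.subscribeQueue} also writes a queue
 * policy permitting the topic to send; check whether it replaces the policy set just before it.
 *
 * @param path path of the S3 bucket definition, resolved via {@code deployment.file}
 * @return the deployment, with response messages set
 * @throws Exception if the definition cannot be read, credentials fail verification or an AWS
 *                   call fails; exceptions propagate unwrapped. A definition with a queue but no
 *                   topic configuration fails with a NullPointerException from the topic lookup.
 */
public AwsDeployment from(String path) throws Exception {
    String cfTemplatePresent = System.getProperty("cfTemplatePresent");
    if (cfTemplatePresent != null && !cfTemplatePresent.equals("N")) {
        deployment.setResponse("Queue will be created through cloud formation template");
        return deployment;
    }

    // No catch/rethrow wrapper here: the original catch (Exception e) { throw e; } only rethrew.
    File file = deployment.file(path);
    ObjectMapper mapper = new ObjectMapper();
    S3Bucket bucket = mapper.readValue(file, S3Bucket.class);
    deployment.verifyAWSCredentials();

    QueueConfiguration queueConfig = bucket.getNotificationConfiguration().getQueueConfiguration();
    if (queueConfig == null || queueConfig.getQueue() == null) {
        deployment.setResponse("Queue Configuration Failed");
        return deployment;
    }

    // Optional property; an absent value substitutes the empty string into the ARNs.
    String accountId = System.getProperty("aws-account-id", "");
    Queue queue = queueConfig.getQueue();
    Regions regions = Regions.fromName(queue.getRegion());
    AmazonSQS sqs = AmazonSQSClientBuilder.standard()
            .withCredentials(deployment.getCredential())
            .withRegion(regions)
            .build();
    AmazonSNS sns = AmazonSNSClientBuilder.standard()
            .withCredentials(deployment.getCredential())
            .withRegion(regions)
            .build();

    CreateQueueResult result = sqs.createQueue(queue.getResourceName());
    String queueUrl = result.getQueueUrl();
    String topicArn = StringUtils.replaceOnce(
            bucket.getNotificationConfiguration().getTopicConfiguration().getTopicArn(),
            "${aws-account-id}", accountId);
    String queueArn = StringUtils.replaceOnce(queueConfig.getQueueArn(), "${aws-account-id}", accountId);
    deployment.setResponse("Queue " + queueArn + " is created");

    Statement allowTopicSend = new Statement(Effect.Allow)
            .withPrincipals(Principal.AllUsers)
            .withActions(SQSActions.SendMessage)
            .withResources(new Resource(queueArn))
            .withConditions(ConditionFactory.newSourceArnCondition(topicArn));
    Policy policy = new Policy().withStatements(allowTopicSend);
    // Serialize once; the same JSON is both applied and reported.
    String policyJson = policy.toJson();

    Map<String, String> queueAttributes = new HashMap<String, String>();
    queueAttributes.put(QueueAttributeName.Policy.toString(), policyJson);
    deployment.setResponse("Queue Policy Configured : " + policyJson);
    sqs.setQueueAttributes(new SetQueueAttributesRequest(queueUrl, queueAttributes));

    Topics.subscribeQueue(sns, sqs, topicArn, queueUrl);
    deployment.setResponse(
            "Subscription is created : Topic [" + topicArn + "], Queue [" + queueArn + "]");
    return deployment;
}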
From source file:org.apache.usergrid.apm.service.AWSUtil.java
License:Apache License
/**
 * Builds the queue policy JSON that allows {@code sqs:SendMessage} on {@code queueArn}.
 *
 * <p>The statement's principal is {@code Principal.AllUsers}. When
 * {@link AWSUtil#getIPAddressRangeWhiteList()} yields one or more conditions they are attached,
 * restricting the grant to those source IP ranges; when it yields {@code null} or an empty array
 * the statement is emitted without any condition, i.e. the grant is open to every principal.
 * NOTE(review): that fall-open default should be a deliberate decision.
 *
 * @param queueArn ARN of the queue the policy is for
 * @return the policy serialized as JSON
 */
public static String getSQSIPAddressWhiteListPolicy(String queueArn) {
    IpAddressCondition[] allowedRanges = AWSUtil.getIPAddressRangeWhiteList();
    boolean hasRanges = allowedRanges != null && allowedRanges.length != 0;

    Statement sendMessage = new Statement(Effect.Allow)
            .withPrincipals(Principal.AllUsers)
            .withActions(SQSActions.SendMessage)
            .withResources(new Resource(queueArn));
    if (hasRanges) {
        sendMessage.withConditions(allowedRanges);
    }
    return new Policy().withStatements(sendMessage).toJson();
}
From source file:org.apache.usergrid.apm.service.AWSUtil.java
License:Apache License
/**
 * Builds the bucket policy JSON that allows {@code s3:PutObject} and {@code s3:GetObject} on
 * every object ({@code "*"}) of {@code s3Bucket}.
 *
 * <p>The statement's principal is {@code Principal.AllUsers}. When
 * {@link AWSUtil#getIPAddressRangeWhiteList()} yields one or more conditions they are attached,
 * restricting the grant to those source IP ranges; when it yields {@code null} or an empty array
 * the statement is emitted without any condition, i.e. read and write access is open to every
 * principal. NOTE(review): that fall-open default should be a deliberate decision.
 *
 * @param s3Bucket name of the bucket the policy is for
 * @return the policy serialized as JSON
 */
public static String getS3IPAddressWhiteListPolicy(String s3Bucket) {
    IpAddressCondition[] allowedRanges = AWSUtil.getIPAddressRangeWhiteList();
    boolean hasRanges = allowedRanges != null && allowedRanges.length != 0;

    Statement readWrite = new Statement(Effect.Allow)
            .withPrincipals(Principal.AllUsers)
            .withActions(S3Actions.PutObject, S3Actions.GetObject)
            .withResources(new S3ObjectResource(s3Bucket, "*"));
    if (hasRanges) {
        readWrite.withConditions(allowedRanges);
    }
    return new Policy().withStatements(readWrite).toJson();
}