List of usage examples for com.amazonaws.auth.policy Policy toJson
public String toJson()
From source file:aws.example.s3.SetBucketPolicy.java
License:Open Source License
private static String getBucketPolicyFromFile(String policy_file) { StringBuilder file_text = new StringBuilder(); try {//from www .j a va 2 s .co m List<String> lines = Files.readAllLines(Paths.get(policy_file), Charset.forName("UTF-8")); for (String line : lines) { file_text.append(line); } } catch (IOException e) { System.out.format("Problem reading file: \"%s\"", policy_file); System.out.println(e.getMessage()); } // Verify the policy by trying to load it into a Policy object. Policy bucket_policy = null; try { bucket_policy = Policy.fromJson(file_text.toString()); } catch (IllegalArgumentException e) { System.out.format("Invalid policy text in file: \"%s\"", policy_file); System.out.println(e.getMessage()); } return bucket_policy.toJson(); }
From source file:aws.example.s3.SetBucketPolicy.java
License:Open Source License
public static String getPublicReadPolicy(String bucket_name) { Policy bucket_policy = new Policy().withStatements(new Statement(Statement.Effect.Allow) .withPrincipals(Principal.AllUsers).withActions(S3Actions.GetObject) .withResources(new Resource("arn:aws:s3:::" + bucket_name + "/*"))); return bucket_policy.toJson(); }
From source file:awslabs.lab31.SolutionCode.java
License:Open Source License
@Override public void grantNotificationPermission(AmazonSQSClient sqsClient, String queueArn, String queueUrl, String topicArn) {/* w w w . j a v a2 s.c o m*/ Statement statement = new Statement(Effect.Allow).withActions(SQSActions.SendMessage) .withPrincipals(new Principal("*")).withConditions(ConditionFactory.newSourceArnCondition(topicArn)) .withResources(new Resource(queueArn)); Policy policy = new Policy("SubscriptionPermission").withStatements(statement); HashMap<String, String> attributes = new HashMap<String, String>(); attributes.put("Policy", policy.toJson()); // Create the request to set the queue attributes for policy SetQueueAttributesRequest setQueueAttributesRequest = new SetQueueAttributesRequest().withQueueUrl(queueUrl) .withAttributes(attributes); // Set the queue policy sqsClient.setQueueAttributes(setQueueAttributesRequest); }
From source file:com.clicktravel.infrastructure.messaging.aws.sns.SnsTopicResource.java
License:Apache License
/** * Sets the {@link Policy} of the AWS SNS topic * @param policy {@link Policy} to set/* ww w .j a v a 2s . c o m*/ * @throws AmazonClientException */ public void setPolicy(final Policy policy) throws AmazonClientException { amazonSnsClient.setTopicAttributes( new SetTopicAttributesRequest(topicArn, TOPIC_POLICY_ATTRIBUTE, policy.toJson())); }
From source file:com.clicktravel.infrastructure.messaging.aws.sqs.SqsQueueResource.java
License:Apache License
/** * Sets the {@link Policy} of the AWS SQS queue * @param policy {@link Policy} to set/* w ww.j a v a 2 s .c om*/ */ public void setPolicy(final Policy policy) throws AmazonClientException { final Map<String, String> queueAttributes = Collections.singletonMap(AWS_POLICY_ATTRIBUTE, policy.toJson()); amazonSqsClient.setQueueAttributes(new SetQueueAttributesRequest(queueUrl, queueAttributes)); }
From source file:com.connexience.server.model.archive.glacier.SetupUtils.java
License:Open Source License
public static SQSInfo setupSQS(String accessKey, String secretKey, String domainName, String vaultName) { SQSInfo sqsInfo = null;/*from www .j a v a 2 s.c o m*/ try { AWSCredentials awsCredentials = new BasicAWSCredentials(accessKey, secretKey); AmazonSQSClient amazonSQSClient = new AmazonSQSClient(awsCredentials); amazonSQSClient.setEndpoint("https://sqs." + domainName + ".amazonaws.com/"); String queueName = vaultName + "-inkspot_glacier-queue"; CreateQueueRequest createQueueRequest = new CreateQueueRequest(); createQueueRequest.withQueueName(queueName); CreateQueueResult createQueueResult = amazonSQSClient.createQueue(createQueueRequest); if (createQueueResult != null) { String queueURL = createQueueResult.getQueueUrl(); GetQueueAttributesRequest getQueueAttributesRequest = new GetQueueAttributesRequest(); getQueueAttributesRequest.withQueueUrl(queueURL); getQueueAttributesRequest.withAttributeNames("QueueArn"); GetQueueAttributesResult getQueueAttributesResult = amazonSQSClient .getQueueAttributes(getQueueAttributesRequest); if (getQueueAttributesResult != null) { String queueARN = getQueueAttributesResult.getAttributes().get("QueueArn"); Statement sqsStatement = new Statement(Effect.Allow); sqsStatement.withPrincipals(Principal.AllUsers); sqsStatement.withActions(SQSActions.SendMessage); sqsStatement.withResources(new Resource(queueARN)); Policy sqsPolicy = new Policy(); sqsPolicy.withStatements(sqsStatement); Map<String, String> sqsAttributes = new HashMap<>(); sqsAttributes.put("Policy", sqsPolicy.toJson()); SetQueueAttributesRequest setQueueAttributesRequest = new SetQueueAttributesRequest(); setQueueAttributesRequest.withQueueUrl(queueURL); setQueueAttributesRequest.withAttributes(sqsAttributes); amazonSQSClient.setQueueAttributes(setQueueAttributesRequest); sqsInfo = new SQSInfo(queueARN, queueURL); } else logger.warn("Unable to get queue attributes: \"" + queueName + "\""); } else logger.warn("Unable to create queue: \"" + queueName + "\""); amazonSQSClient.shutdown(); } catch (AmazonServiceException amazonServiceException) { logger.warn("AmazonServiceException: " + amazonServiceException); logger.debug(amazonServiceException); } catch (IllegalArgumentException illegalArgumentException) { logger.warn("IllegalArgumentException: " + illegalArgumentException); logger.debug(illegalArgumentException); } catch (AmazonClientException amazonClientException) { logger.warn("AmazonClientException: " + amazonClientException); logger.debug(amazonClientException); } catch (Throwable throwable) { logger.warn("Throwable: " + throwable); logger.debug(throwable); } return sqsInfo; }
From source file:com.leverno.ysbos.archive.example.AmazonGlacierDownloadInventoryWithSQSPolling.java
License:Open Source License
private static void setupSQS() { CreateQueueRequest request = new CreateQueueRequest().withQueueName(sqsQueueName); CreateQueueResult result = sqsClient.createQueue(request); sqsQueueURL = result.getQueueUrl();/*from w w w . java 2 s.c o m*/ GetQueueAttributesRequest qRequest = new GetQueueAttributesRequest().withQueueUrl(sqsQueueURL) .withAttributeNames("QueueArn"); GetQueueAttributesResult qResult = sqsClient.getQueueAttributes(qRequest); sqsQueueARN = qResult.getAttributes().get("QueueArn"); Policy sqsPolicy = new Policy() .withStatements(new Statement(Effect.Allow).withPrincipals(Principal.AllUsers) .withActions(SQSActions.SendMessage).withResources(new Resource(sqsQueueARN))); Map<String, String> queueAttributes = new HashMap<String, String>(); queueAttributes.put("Policy", sqsPolicy.toJson()); sqsClient.setQueueAttributes(new SetQueueAttributesRequest(sqsQueueURL, queueAttributes)); }
From source file:com.netflix.conductor.contribs.queue.sqs.SQSObservableQueue.java
License:Apache License
private String getPolicy(List<String> accountIds) { Policy policy = new Policy("ReloadedWorkerAccessPolicy"); Statement stmt = new Statement(Effect.Allow); Action action = SQSActions.SendMessage; stmt.getActions().add(action);//from w w w . j a v a 2 s. co m stmt.setResources(new LinkedList<>()); for (String accountId : accountIds) { Principal principal = new Principal(accountId); stmt.getPrincipals().add(principal); } stmt.getResources().add(new Resource(getQueueARN())); policy.getStatements().add(stmt); return policy.toJson(); }
From source file:com.netflix.spinnaker.front50.model.TemporarySQSQueue.java
License:Apache License
private TemporaryQueue createQueue(String snsTopicArn, String sqsQueueArn, String sqsQueueName) { String sqsQueueUrl = amazonSQS.createQueue(new CreateQueueRequest().withQueueName(sqsQueueName) .withAttributes(Collections.singletonMap("MessageRetentionPeriod", "60")) // 60s message retention ).getQueueUrl();/*from w ww . j a v a 2s. c om*/ log.info("Created Temporary S3 Notification Queue: {}", value("queue", sqsQueueUrl)); String snsTopicSubscriptionArn = amazonSNS.subscribe(snsTopicArn, "sqs", sqsQueueArn).getSubscriptionArn(); Statement snsStatement = new Statement(Statement.Effect.Allow).withActions(SQSActions.SendMessage); snsStatement.setPrincipals(Principal.All); snsStatement.setResources(Collections.singletonList(new Resource(sqsQueueArn))); snsStatement.setConditions(Collections.singletonList( new Condition().withType("ArnEquals").withConditionKey("aws:SourceArn").withValues(snsTopicArn))); Policy allowSnsPolicy = new Policy("allow-sns", Collections.singletonList(snsStatement)); HashMap<String, String> attributes = new HashMap<>(); attributes.put("Policy", allowSnsPolicy.toJson()); amazonSQS.setQueueAttributes(sqsQueueUrl, attributes); return new TemporaryQueue(snsTopicArn, sqsQueueArn, sqsQueueUrl, snsTopicSubscriptionArn); }
From source file:com.nike.cerberus.service.KmsPolicyService.java
License:Apache License
public String generateStandardKmsPolicy(final String iamRoleAccountId, final String iamRoleName) { Policy kmsPolicy = new Policy(); Statement rootUserStatement = new Statement(Statement.Effect.Allow); rootUserStatement.withId("Root User Has All Actions"); rootUserStatement.withPrincipals(new Principal(AWS_PROVIDER, rootUserArn, false)); rootUserStatement.withActions(KmsActions.AllKmsActions); rootUserStatement.withResources(new Resource("*")); Statement keyAdministratorStatement = new Statement(Statement.Effect.Allow); keyAdministratorStatement.withId("Admin Role Has All Actions"); keyAdministratorStatement.withPrincipals(new Principal(AWS_PROVIDER, adminRoleArn, false)); keyAdministratorStatement.withActions(KmsActions.AllKmsActions); keyAdministratorStatement.withResources(new Resource("*")); Statement instanceUsageStatement = new Statement(Statement.Effect.Allow); instanceUsageStatement.withId("CMS Role Key Access"); instanceUsageStatement.withPrincipals(new Principal(AWS_PROVIDER, cmsRoleArn, false)); instanceUsageStatement.withActions(KmsActions.EncryptAction, KmsActions.DecryptAction, KmsActions.AllReEncryptActions, KmsActions.AllGenerateDataKeyActions, KmsActions.DescribeKey); instanceUsageStatement.withResources(new Resource("*")); Statement iamRoleUsageStatement = new Statement(Statement.Effect.Allow); iamRoleUsageStatement.withId("Target IAM Role Has Decrypt Action"); iamRoleUsageStatement.withPrincipals(new Principal(AWS_PROVIDER, String.format("arn:aws:iam::%s:role/%s", iamRoleAccountId, iamRoleName), false)); iamRoleUsageStatement.withActions(KmsActions.DecryptAction); iamRoleUsageStatement.withResources(new Resource("*")); kmsPolicy.withStatements(rootUserStatement, keyAdministratorStatement, instanceUsageStatement, iamRoleUsageStatement);// w w w . j a v a 2 s . c o m return kmsPolicy.toJson(); }