Example usage for com.amazonaws.auth.policy Principal Principal

List of usage examples for com.amazonaws.auth.policy Principal Principal

Introduction

This page shows an example usage of the `com.amazonaws.auth.policy.Principal` constructor `Principal(String provider, String id, boolean stripHyphen)`, taken from a method that builds an AWS KMS key policy.

Prototype

public Principal(String provider, String id, boolean stripHyphen) 


Document

Constructs a new principal with the specified id and provider. The third argument, `stripHyphen`, controls whether hyphens in the id are stripped; the example below passes `false` for every principal, so each IAM ARN is used exactly as supplied.

Usage

From source file: com.nike.cerberus.service.KmsPolicyService.java

License: Apache License

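/**
 * Builds the JSON key policy for a KMS key that protects the secrets of one IAM role.
 * <p>
 * Every statement uses {@code Resource "*"}; inside a KMS <em>key</em> policy that denotes
 * the key the policy is attached to, not every key in the account. The grants are:
 * <ul>
 *   <li>{@code rootUserArn}: all KMS actions (the customary statement that keeps the key
 *       manageable by the owning account);</li>
 *   <li>{@code adminRoleArn}: all KMS actions;</li>
 *   <li>{@code cmsRoleArn}: encrypt, decrypt, re-encrypt, generate-data-key and describe;</li>
 *   <li>the target role {@code arn:aws:iam::<account>:role/<name>}: {@code kms:Decrypt} only,
 *       i.e. least privilege — it can use the key to decrypt but nothing else.</li>
 * </ul>
 *
 * @param iamRoleAccountId AWS account ID that owns the target role; must be non-blank
 * @param iamRoleName      name of the target role, optionally prefixed with its IAM path;
 *                         must be non-blank
 * @return the policy document serialized with {@link Policy#toJson()}
 * @throws IllegalArgumentException if either argument is null or blank; such input would
 *         otherwise be formatted into an ARN ending in {@code role/null} or {@code role/}
 *         that names no real principal
 */
public String generateStandardKmsPolicy(final String iamRoleAccountId, final String iamRoleName) {
    // Fail fast on missing caller input instead of silently emitting a principal ARN that
    // refers to nothing and is only rejected later (or not at all) by KMS.
    requireNonBlank(iamRoleAccountId, "iamRoleAccountId");
    requireNonBlank(iamRoleName, "iamRoleName");

    final String targetRoleArn =
            String.format("arn:aws:iam::%s:role/%s", iamRoleAccountId, iamRoleName);

    Statement rootUserStatement = allowOnThisKey("Root User Has All Actions", rootUserArn)
            .withActions(KmsActions.AllKmsActions);

    Statement keyAdministratorStatement = allowOnThisKey("Admin Role Has All Actions", adminRoleArn)
            .withActions(KmsActions.AllKmsActions);

    Statement instanceUsageStatement = allowOnThisKey("CMS Role Key Access", cmsRoleArn)
            .withActions(KmsActions.EncryptAction, KmsActions.DecryptAction,
                    KmsActions.AllReEncryptActions, KmsActions.AllGenerateDataKeyActions,
                    KmsActions.DescribeKey);

    // Decrypt only: the target role must never be able to manage, re-wrap or rotate the key.
    Statement iamRoleUsageStatement = allowOnThisKey("Target IAM Role Has Decrypt Action", targetRoleArn)
            .withActions(KmsActions.DecryptAction);

    Policy kmsPolicy = new Policy();
    kmsPolicy.withStatements(rootUserStatement, keyAdministratorStatement, instanceUsageStatement,
            iamRoleUsageStatement);
    return kmsPolicy.toJson();
}

/**
 * Creates an Allow statement for {@code principalArn} scoped to the key this policy is
 * attached to ({@code Resource "*"}); the caller adds the permitted actions.
 */
private Statement allowOnThisKey(final String id, final String principalArn) {
    Statement statement = new Statement(Statement.Effect.Allow);
    statement.withId(id);
    // stripHyphen=false: the ARN is used exactly as supplied.
    statement.withPrincipals(new Principal(AWS_PROVIDER, principalArn, false));
    statement.withResources(new Resource("*"));
    return statement;
}

/** Rejects null or whitespace-only input with a message naming the offending parameter. */
private static void requireNonBlank(final String value, final String parameterName) {
    if (value == null || value.trim().isEmpty()) {
        throw new IllegalArgumentException(parameterName + " must not be null or blank");
    }
}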