List of usage examples for com.amazonaws.auth.policy Resource Resource
public Resource(String resource)
From source file:aws.example.s3.SetBucketPolicy.java
License:Open Source License
public static String getPublicReadPolicy(String bucket_name) { Policy bucket_policy = new Policy().withStatements(new Statement(Statement.Effect.Allow) .withPrincipals(Principal.AllUsers).withActions(S3Actions.GetObject) .withResources(new Resource("arn:aws:s3:::" + bucket_name + "/*"))); return bucket_policy.toJson(); }
From source file:awslabs.lab31.SolutionCode.java
License:Open Source License
@Override public void grantNotificationPermission(AmazonSQSClient sqsClient, String queueArn, String queueUrl, String topicArn) {//from w ww .ja v a 2 s .c o m Statement statement = new Statement(Effect.Allow).withActions(SQSActions.SendMessage) .withPrincipals(new Principal("*")).withConditions(ConditionFactory.newSourceArnCondition(topicArn)) .withResources(new Resource(queueArn)); Policy policy = new Policy("SubscriptionPermission").withStatements(statement); HashMap<String, String> attributes = new HashMap<String, String>(); attributes.put("Policy", policy.toJson()); // Create the request to set the queue attributes for policy SetQueueAttributesRequest setQueueAttributesRequest = new SetQueueAttributesRequest().withQueueUrl(queueUrl) .withAttributes(attributes); // Set the queue policy sqsClient.setQueueAttributes(setQueueAttributesRequest); }
From source file:com.clicktravel.infrastructure.messaging.aws.sns.DefaultSnsTopicResourceFactory.java
License:Apache License
private Policy allowAllQueuesPolicy(final SnsTopicResource snsTopicResource) { final String topicArn = snsTopicResource.getTopicArn(); final String[] topicArnParts = topicArn.split(":"); final String sourceOwner = topicArnParts[topicArnParts.length - 2]; final Condition condition = new Condition().withType("StringEquals").withConditionKey("AWS:SourceOwner") .withValues(sourceOwner);/*from w w w .ja va 2 s . c om*/ final Action receiveAction = new Action() { @Override public String getActionName() { return "sns:Receive"; } }; final Statement recieveStatement = new Statement(Effect.Allow).withPrincipals(Principal.AllUsers) .withActions(receiveAction).withResources(new Resource(topicArn)).withConditions(condition); final Statement subscribeStatement = new Statement(Effect.Allow).withPrincipals(Principal.AllUsers) .withActions(SNSActions.Subscribe); return new Policy().withStatements(recieveStatement, subscribeStatement); }
From source file:com.clicktravel.infrastructure.messaging.aws.sqs.DefaultSqsQueueResourceFactory.java
License:Apache License
private Statement acceptMessagesFromTopicStatement(final SqsQueueResource sqsQueueResource, final SnsTopicResource snsTopicResource) { return new Statement(Effect.Allow).withPrincipals(Principal.AllUsers).withActions(SQSActions.SendMessage) .withResources(new Resource(sqsQueueResource.queueArn())) .withConditions(new ArnCondition(ArnComparisonType.ArnEquals, ConditionFactory.SOURCE_ARN_CONDITION_KEY, snsTopicResource.getTopicArn())); }
From source file:com.connexience.server.model.archive.glacier.SetupUtils.java
License:Open Source License
public static SQSInfo setupSQS(String accessKey, String secretKey, String domainName, String vaultName) { SQSInfo sqsInfo = null;/* ww w . j av a 2 s .co m*/ try { AWSCredentials awsCredentials = new BasicAWSCredentials(accessKey, secretKey); AmazonSQSClient amazonSQSClient = new AmazonSQSClient(awsCredentials); amazonSQSClient.setEndpoint("https://sqs." + domainName + ".amazonaws.com/"); String queueName = vaultName + "-inkspot_glacier-queue"; CreateQueueRequest createQueueRequest = new CreateQueueRequest(); createQueueRequest.withQueueName(queueName); CreateQueueResult createQueueResult = amazonSQSClient.createQueue(createQueueRequest); if (createQueueResult != null) { String queueURL = createQueueResult.getQueueUrl(); GetQueueAttributesRequest getQueueAttributesRequest = new GetQueueAttributesRequest(); getQueueAttributesRequest.withQueueUrl(queueURL); getQueueAttributesRequest.withAttributeNames("QueueArn"); GetQueueAttributesResult getQueueAttributesResult = amazonSQSClient .getQueueAttributes(getQueueAttributesRequest); if (getQueueAttributesResult != null) { String queueARN = getQueueAttributesResult.getAttributes().get("QueueArn"); Statement sqsStatement = new Statement(Effect.Allow); sqsStatement.withPrincipals(Principal.AllUsers); sqsStatement.withActions(SQSActions.SendMessage); sqsStatement.withResources(new Resource(queueARN)); Policy sqsPolicy = new Policy(); sqsPolicy.withStatements(sqsStatement); Map<String, String> sqsAttributes = new HashMap<>(); sqsAttributes.put("Policy", sqsPolicy.toJson()); SetQueueAttributesRequest setQueueAttributesRequest = new SetQueueAttributesRequest(); setQueueAttributesRequest.withQueueUrl(queueURL); setQueueAttributesRequest.withAttributes(sqsAttributes); amazonSQSClient.setQueueAttributes(setQueueAttributesRequest); sqsInfo = new SQSInfo(queueARN, queueURL); } else logger.warn("Unable to get queue attributes: \"" + queueName + "\""); } else logger.warn("Unable to create queue: \"" + queueName + "\""); amazonSQSClient.shutdown(); } catch (AmazonServiceException amazonServiceException) { logger.warn("AmazonServiceException: " + amazonServiceException); logger.debug(amazonServiceException); } catch (IllegalArgumentException illegalArgumentException) { logger.warn("IllegalArgumentException: " + illegalArgumentException); logger.debug(illegalArgumentException); } catch (AmazonClientException amazonClientException) { logger.warn("AmazonClientException: " + amazonClientException); logger.debug(amazonClientException); } catch (Throwable throwable) { logger.warn("Throwable: " + throwable); logger.debug(throwable); } return sqsInfo; }
From source file:com.leverno.ysbos.archive.example.AmazonGlacierDownloadInventoryWithSQSPolling.java
License:Open Source License
private static void setupSQS() { CreateQueueRequest request = new CreateQueueRequest().withQueueName(sqsQueueName); CreateQueueResult result = sqsClient.createQueue(request); sqsQueueURL = result.getQueueUrl();//from ww w. jav a 2s . co m GetQueueAttributesRequest qRequest = new GetQueueAttributesRequest().withQueueUrl(sqsQueueURL) .withAttributeNames("QueueArn"); GetQueueAttributesResult qResult = sqsClient.getQueueAttributes(qRequest); sqsQueueARN = qResult.getAttributes().get("QueueArn"); Policy sqsPolicy = new Policy() .withStatements(new Statement(Effect.Allow).withPrincipals(Principal.AllUsers) .withActions(SQSActions.SendMessage).withResources(new Resource(sqsQueueARN))); Map<String, String> queueAttributes = new HashMap<String, String>(); queueAttributes.put("Policy", sqsPolicy.toJson()); sqsClient.setQueueAttributes(new SetQueueAttributesRequest(sqsQueueURL, queueAttributes)); }
From source file:com.netflix.conductor.contribs.queue.sqs.SQSObservableQueue.java
License:Apache License
private String getPolicy(List<String> accountIds) { Policy policy = new Policy("ReloadedWorkerAccessPolicy"); Statement stmt = new Statement(Effect.Allow); Action action = SQSActions.SendMessage; stmt.getActions().add(action);//from w ww . j a v a2 s . c o m stmt.setResources(new LinkedList<>()); for (String accountId : accountIds) { Principal principal = new Principal(accountId); stmt.getPrincipals().add(principal); } stmt.getResources().add(new Resource(getQueueARN())); policy.getStatements().add(stmt); return policy.toJson(); }
From source file:com.netflix.spinnaker.clouddriver.aws.lifecycle.InstanceTerminationLifecycleAgent.java
License:Apache License
private static Policy buildSNSPolicy(ARN topicARN, List<String> allAccountIds) { Statement statement = new Statement(Statement.Effect.Allow).withActions(SNSActions.Publish); statement.setPrincipals(allAccountIds.stream().map(Principal::new).collect(Collectors.toList())); statement.setResources(Collections.singletonList(new Resource(topicARN.arn))); return new Policy("allow-remote-account-send", Collections.singletonList(statement)); }
From source file:com.netflix.spinnaker.clouddriver.aws.lifecycle.InstanceTerminationLifecycleAgent.java
License:Apache License
private static Policy buildSQSPolicy(ARN queue, ARN topic) { Statement statement = new Statement(Statement.Effect.Allow).withActions(SQSActions.SendMessage); statement.setPrincipals(Principal.All); statement.setResources(Collections.singletonList(new Resource(queue.arn))); statement.setConditions(Collections.singletonList( new Condition().withType("ArnEquals").withConditionKey("aws:SourceArn").withValues(topic.arn))); return new Policy("allow-sns-topic-send", Collections.singletonList(statement)); }
From source file:com.netflix.spinnaker.clouddriver.aws.lifecycle.InstanceTerminationLifecycleWorker.java
License:Apache License
/** * This policy allows operators to choose whether or not to have lifecycle hooks to be sent via SNS for fanout, or * be sent directly to an SQS queue from the autoscaling group. *///from w w w . j a v a 2 s.c o m private static Policy buildSQSPolicy(ARN queue, ARN topic, Set<String> terminatingRoleArns) { Statement snsStatement = new Statement(Effect.Allow).withActions(SQSActions.SendMessage); snsStatement.setPrincipals(Principal.All); snsStatement.setResources(Collections.singletonList(new Resource(queue.arn))); snsStatement.setConditions(Collections.singletonList( new Condition().withType("ArnEquals").withConditionKey("aws:SourceArn").withValues(topic.arn))); Statement sqsStatement = new Statement(Effect.Allow).withActions(SQSActions.SendMessage, SQSActions.GetQueueUrl); sqsStatement.setPrincipals(terminatingRoleArns.stream().map(Principal::new).collect(Collectors.toList())); sqsStatement.setResources(Collections.singletonList(new Resource(queue.arn))); return new Policy("allow-sns-or-sqs-send", Arrays.asList(snsStatement, sqsStatement)); }