Example usage for com.amazonaws.auth.policy Statement withId

List of usage examples for com.amazonaws.auth.policy Statement withId

Introduction

This page collects usage examples for com.amazonaws.auth.policy Statement withId.

Prototype

public Statement withId(String id) 

Source Link

Document

Sets the ID for this statement and returns the updated statement so multiple calls can be chained together.

Usage

From source file:com.nike.cerberus.service.KmsPolicyService.java

License:Apache License

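/**
 * Builds the standard KMS key policy, as JSON, for a key dedicated to one target IAM role.
 *
 * <p>The policy carries four {@code Allow} statements:
 * <ul>
 *   <li>the account root user ({@code rootUserArn}) gets every KMS action,</li>
 *   <li>the key administrator role ({@code adminRoleArn}) gets every KMS action,</li>
 *   <li>the CMS role ({@code cmsRoleArn}) gets encrypt, decrypt, re-encrypt, generate-data-key
 *       and describe-key,</li>
 *   <li>the target IAM role, whose ARN is assembled from the two parameters, gets decrypt only.</li>
 * </ul>
 * Every statement names the {@code *} resource; in a KMS key policy that denotes the key the
 * policy is attached to.
 *
 * <p>The two parameters end up inside the {@code Principal} of a statement that grants decrypt on
 * the key, so they are checked against the IAM account-id and role-name formats before the ARN is
 * built instead of being interpolated verbatim.
 *
 * @param iamRoleAccountId the 12-digit AWS account id that owns the target role
 * @param iamRoleName the target role's name (IAM role-name character set, 1 to 64 characters)
 * @return the policy serialised with {@link Policy#toJson()}
 * @throws NullPointerException if either parameter is {@code null}
 * @throws IllegalArgumentException if either parameter does not have the expected format
 */
public String generateStandardKmsPolicy(final String iamRoleAccountId, final String iamRoleName) {
    // AWS account ids are exactly 12 digits; IAM role names are limited to [A-Za-z0-9+=,.@_-] and
    // 64 characters. Rejecting anything else keeps separators and wildcards out of the principal.
    requireArnComponent(iamRoleAccountId, "iamRoleAccountId", "\\d{12}");
    requireArnComponent(iamRoleName, "iamRoleName", "[\\w+=,.@-]{1,64}");
    final String targetRoleArn =
            String.format("arn:aws:iam::%s:role/%s", iamRoleAccountId, iamRoleName);

    // Statement's with* setters return the statement itself, so the builder calls are chained.
    final Statement rootUserStatement = new Statement(Statement.Effect.Allow)
            .withId("Root User Has All Actions")
            .withPrincipals(new Principal(AWS_PROVIDER, rootUserArn, false))
            .withActions(KmsActions.AllKmsActions)
            .withResources(new Resource("*"));

    final Statement keyAdministratorStatement = new Statement(Statement.Effect.Allow)
            .withId("Admin Role Has All Actions")
            .withPrincipals(new Principal(AWS_PROVIDER, adminRoleArn, false))
            .withActions(KmsActions.AllKmsActions)
            .withResources(new Resource("*"));

    final Statement instanceUsageStatement = new Statement(Statement.Effect.Allow)
            .withId("CMS Role Key Access")
            .withPrincipals(new Principal(AWS_PROVIDER, cmsRoleArn, false))
            .withActions(KmsActions.EncryptAction, KmsActions.DecryptAction,
                    KmsActions.AllReEncryptActions, KmsActions.AllGenerateDataKeyActions,
                    KmsActions.DescribeKey)
            .withResources(new Resource("*"));

    // Least privilege for the role the key is issued to: decrypt only.
    final Statement iamRoleUsageStatement = new Statement(Statement.Effect.Allow)
            .withId("Target IAM Role Has Decrypt Action")
            .withPrincipals(new Principal(AWS_PROVIDER, targetRoleArn, false))
            .withActions(KmsActions.DecryptAction)
            .withResources(new Resource("*"));

    return new Policy()
            .withStatements(rootUserStatement, keyAdministratorStatement, instanceUsageStatement,
                    iamRoleUsageStatement)
            .toJson();
}

/**
 * Rejects a {@code null} or malformed ARN component.
 *
 * @param value the component to check
 * @param name the parameter name, used in the exception message
 * @param pattern a full-match regular expression the component must satisfy
 * @throws NullPointerException if {@code value} is {@code null}
 * @throws IllegalArgumentException if {@code value} does not match {@code pattern}
 */
private static void requireArnComponent(final String value, final String name, final String pattern) {
    if (value == null) {
        throw new NullPointerException(name);
    }
    if (!value.matches(pattern)) {
        throw new IllegalArgumentException(name + " has an unexpected format: " + value);
    }
}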