Example usage for com.amazonaws.auth.policy Statement withPrincipals

List of usage examples for com.amazonaws.auth.policy Statement withPrincipals

  1. HOME
  2. Java
  3. com.amazonaws
  4. com.amazonaws.auth.policy.*
  5. Statement
  6. withPrincipals

Introduction

In this page you can find the example usage for com.amazonaws.auth.policy Statement withPrincipals.

Prototype

public Statement withPrincipals(Principal... principals)

Source Link

Document

Sets the principals associated with this policy statement, and returns this updated Statement object.

Usage

From source file:com.connexience.server.model.archive.glacier.SetupUtils.java

License:Open Source License

public static SQSInfo setupSQS(String accessKey, String secretKey, String domainName, String vaultName) {
    SQSInfo sqsInfo = null;/* w  w  w.j a  v  a  2 s . c o m*/
    try {
        AWSCredentials awsCredentials = new BasicAWSCredentials(accessKey, secretKey);

        AmazonSQSClient amazonSQSClient = new AmazonSQSClient(awsCredentials);
        amazonSQSClient.setEndpoint("https://sqs." + domainName + ".amazonaws.com/");

        String queueName = vaultName + "-inkspot_glacier-queue";
        CreateQueueRequest createQueueRequest = new CreateQueueRequest();
        createQueueRequest.withQueueName(queueName);

        CreateQueueResult createQueueResult = amazonSQSClient.createQueue(createQueueRequest);
        if (createQueueResult != null) {
            String queueURL = createQueueResult.getQueueUrl();

            GetQueueAttributesRequest getQueueAttributesRequest = new GetQueueAttributesRequest();
            getQueueAttributesRequest.withQueueUrl(queueURL);
            getQueueAttributesRequest.withAttributeNames("QueueArn");

            GetQueueAttributesResult getQueueAttributesResult = amazonSQSClient
                    .getQueueAttributes(getQueueAttributesRequest);

            if (getQueueAttributesResult != null) {
                String queueARN = getQueueAttributesResult.getAttributes().get("QueueArn");

                Statement sqsStatement = new Statement(Effect.Allow);
                sqsStatement.withPrincipals(Principal.AllUsers);
                sqsStatement.withActions(SQSActions.SendMessage);
                sqsStatement.withResources(new Resource(queueARN));

                Policy sqsPolicy = new Policy();
                sqsPolicy.withStatements(sqsStatement);

                Map<String, String> sqsAttributes = new HashMap<>();
                sqsAttributes.put("Policy", sqsPolicy.toJson());

                SetQueueAttributesRequest setQueueAttributesRequest = new SetQueueAttributesRequest();
                setQueueAttributesRequest.withQueueUrl(queueURL);
                setQueueAttributesRequest.withAttributes(sqsAttributes);

                amazonSQSClient.setQueueAttributes(setQueueAttributesRequest);

                sqsInfo = new SQSInfo(queueARN, queueURL);
            } else
                logger.warn("Unable to get queue attributes: \"" + queueName + "\"");
        } else
            logger.warn("Unable to create queue: \"" + queueName + "\"");

        amazonSQSClient.shutdown();
    } catch (AmazonServiceException amazonServiceException) {
        logger.warn("AmazonServiceException: " + amazonServiceException);
        logger.debug(amazonServiceException);
    } catch (IllegalArgumentException illegalArgumentException) {
        logger.warn("IllegalArgumentException: " + illegalArgumentException);
        logger.debug(illegalArgumentException);
    } catch (AmazonClientException amazonClientException) {
        logger.warn("AmazonClientException: " + amazonClientException);
        logger.debug(amazonClientException);
    } catch (Throwable throwable) {
        logger.warn("Throwable: " + throwable);
        logger.debug(throwable);
    }

    return sqsInfo;
}

From source file:com.nike.cerberus.service.KmsPolicyService.java

License:Apache License

public String generateStandardKmsPolicy(final String iamRoleAccountId, final String iamRoleName) {
    Policy kmsPolicy = new Policy();

    Statement rootUserStatement = new Statement(Statement.Effect.Allow);
    rootUserStatement.withId("Root User Has All Actions");
    rootUserStatement.withPrincipals(new Principal(AWS_PROVIDER, rootUserArn, false));
    rootUserStatement.withActions(KmsActions.AllKmsActions);
    rootUserStatement.withResources(new Resource("*"));

    Statement keyAdministratorStatement = new Statement(Statement.Effect.Allow);
    keyAdministratorStatement.withId("Admin Role Has All Actions");
    keyAdministratorStatement.withPrincipals(new Principal(AWS_PROVIDER, adminRoleArn, false));
    keyAdministratorStatement.withActions(KmsActions.AllKmsActions);
    keyAdministratorStatement.withResources(new Resource("*"));

    Statement instanceUsageStatement = new Statement(Statement.Effect.Allow);
    instanceUsageStatement.withId("CMS Role Key Access");
    instanceUsageStatement.withPrincipals(new Principal(AWS_PROVIDER, cmsRoleArn, false));
    instanceUsageStatement.withActions(KmsActions.EncryptAction, KmsActions.DecryptAction,
            KmsActions.AllReEncryptActions, KmsActions.AllGenerateDataKeyActions, KmsActions.DescribeKey);
    instanceUsageStatement.withResources(new Resource("*"));

    Statement iamRoleUsageStatement = new Statement(Statement.Effect.Allow);
    iamRoleUsageStatement.withId("Target IAM Role Has Decrypt Action");
    iamRoleUsageStatement.withPrincipals(new Principal(AWS_PROVIDER,
            String.format("arn:aws:iam::%s:role/%s", iamRoleAccountId, iamRoleName), false));
    iamRoleUsageStatement.withActions(KmsActions.DecryptAction);
    iamRoleUsageStatement.withResources(new Resource("*"));

    kmsPolicy.withStatements(rootUserStatement, keyAdministratorStatement, instanceUsageStatement,
            iamRoleUsageStatement);/*from  w  ww  .j a  va2  s.c o  m*/

    return kmsPolicy.toJson();
}