Example usage for com.amazonaws.auth.policy Statement withResources

List of usage examples for com.amazonaws.auth.policy Statement withResources

  1. HOME
  2. Java
  3. com.amazonaws
  4. com.amazonaws.auth.policy.*
  5. Statement
  6. withResources

Introduction

In this page you can find the example usage for com.amazonaws.auth.policy Statement withResources.

Prototype

public Statement withResources(Resource... resources)

Source Link

Document

Sets the resources associated with this policy statement and returns this updated Statement object so that additional method calls can be chained together.

Usage

From source file:com.connexience.server.model.archive.glacier.SetupUtils.java

License:Open Source License

public static SQSInfo setupSQS(String accessKey, String secretKey, String domainName, String vaultName) {
    SQSInfo sqsInfo = null;/*from w w  w.  ja v  a2s  .  c o  m*/
    try {
        AWSCredentials awsCredentials = new BasicAWSCredentials(accessKey, secretKey);

        AmazonSQSClient amazonSQSClient = new AmazonSQSClient(awsCredentials);
        amazonSQSClient.setEndpoint("https://sqs." + domainName + ".amazonaws.com/");

        String queueName = vaultName + "-inkspot_glacier-queue";
        CreateQueueRequest createQueueRequest = new CreateQueueRequest();
        createQueueRequest.withQueueName(queueName);

        CreateQueueResult createQueueResult = amazonSQSClient.createQueue(createQueueRequest);
        if (createQueueResult != null) {
            String queueURL = createQueueResult.getQueueUrl();

            GetQueueAttributesRequest getQueueAttributesRequest = new GetQueueAttributesRequest();
            getQueueAttributesRequest.withQueueUrl(queueURL);
            getQueueAttributesRequest.withAttributeNames("QueueArn");

            GetQueueAttributesResult getQueueAttributesResult = amazonSQSClient
                    .getQueueAttributes(getQueueAttributesRequest);

            if (getQueueAttributesResult != null) {
                String queueARN = getQueueAttributesResult.getAttributes().get("QueueArn");

                Statement sqsStatement = new Statement(Effect.Allow);
                sqsStatement.withPrincipals(Principal.AllUsers);
                sqsStatement.withActions(SQSActions.SendMessage);
                sqsStatement.withResources(new Resource(queueARN));

                Policy sqsPolicy = new Policy();
                sqsPolicy.withStatements(sqsStatement);

                Map<String, String> sqsAttributes = new HashMap<>();
                sqsAttributes.put("Policy", sqsPolicy.toJson());

                SetQueueAttributesRequest setQueueAttributesRequest = new SetQueueAttributesRequest();
                setQueueAttributesRequest.withQueueUrl(queueURL);
                setQueueAttributesRequest.withAttributes(sqsAttributes);

                amazonSQSClient.setQueueAttributes(setQueueAttributesRequest);

                sqsInfo = new SQSInfo(queueARN, queueURL);
            } else
                logger.warn("Unable to get queue attributes: \"" + queueName + "\"");
        } else
            logger.warn("Unable to create queue: \"" + queueName + "\"");

        amazonSQSClient.shutdown();
    } catch (AmazonServiceException amazonServiceException) {
        logger.warn("AmazonServiceException: " + amazonServiceException);
        logger.debug(amazonServiceException);
    } catch (IllegalArgumentException illegalArgumentException) {
        logger.warn("IllegalArgumentException: " + illegalArgumentException);
        logger.debug(illegalArgumentException);
    } catch (AmazonClientException amazonClientException) {
        logger.warn("AmazonClientException: " + amazonClientException);
        logger.debug(amazonClientException);
    } catch (Throwable throwable) {
        logger.warn("Throwable: " + throwable);
        logger.debug(throwable);
    }

    return sqsInfo;
}

From source file:com.nike.cerberus.service.KmsPolicyService.java

License:Apache License

public String generateStandardKmsPolicy(final String iamRoleAccountId, final String iamRoleName) {
    Policy kmsPolicy = new Policy();

    Statement rootUserStatement = new Statement(Statement.Effect.Allow);
    rootUserStatement.withId("Root User Has All Actions");
    rootUserStatement.withPrincipals(new Principal(AWS_PROVIDER, rootUserArn, false));
    rootUserStatement.withActions(KmsActions.AllKmsActions);
    rootUserStatement.withResources(new Resource("*"));

    Statement keyAdministratorStatement = new Statement(Statement.Effect.Allow);
    keyAdministratorStatement.withId("Admin Role Has All Actions");
    keyAdministratorStatement.withPrincipals(new Principal(AWS_PROVIDER, adminRoleArn, false));
    keyAdministratorStatement.withActions(KmsActions.AllKmsActions);
    keyAdministratorStatement.withResources(new Resource("*"));

    Statement instanceUsageStatement = new Statement(Statement.Effect.Allow);
    instanceUsageStatement.withId("CMS Role Key Access");
    instanceUsageStatement.withPrincipals(new Principal(AWS_PROVIDER, cmsRoleArn, false));
    instanceUsageStatement.withActions(KmsActions.EncryptAction, KmsActions.DecryptAction,
            KmsActions.AllReEncryptActions, KmsActions.AllGenerateDataKeyActions, KmsActions.DescribeKey);
    instanceUsageStatement.withResources(new Resource("*"));

    Statement iamRoleUsageStatement = new Statement(Statement.Effect.Allow);
    iamRoleUsageStatement.withId("Target IAM Role Has Decrypt Action");
    iamRoleUsageStatement.withPrincipals(new Principal(AWS_PROVIDER,
            String.format("arn:aws:iam::%s:role/%s", iamRoleAccountId, iamRoleName), false));
    iamRoleUsageStatement.withActions(KmsActions.DecryptAction);
    iamRoleUsageStatement.withResources(new Resource("*"));

    kmsPolicy.withStatements(rootUserStatement, keyAdministratorStatement, instanceUsageStatement,
            iamRoleUsageStatement);//  w w  w .  jav  a  2 s.c o  m

    return kmsPolicy.toJson();
}