Class Policy
- java.lang.Object
-
- com.amazonaws.auth.policy.Policy
-
public class Policy extends Object
An AWS access control policy is a object that acts as a container for one or more statements, which specify fine grained rules for allowing or denying various types of actions from being performed on your AWS resources.By default, all requests to use your resource coming from anyone but you are denied. Access control polices can override that by allowing different types of access to your resources, or by explicitly denying different types of access.
Each statement in an AWS access control policy takes the form: "A has permission to do B to C where D applies".
- A is the principal - the AWS account that is making a request to access or modify one of your AWS resources.
- B is the action - the way in which your AWS resource is being accessed or modified, such as sending a message to an Amazon SQS queue, or storing an object in an Amazon S3 bucket.
- C is the resource - your AWS entity that the principal wants to access, such as an Amazon SQS queue, or an object stored in Amazon S3.
- D is the set of conditions - optional constraints that specify when to allow or deny access for the principal to access your resource. Many expressive conditions are available, some specific to each service. For example you can use date conditions to allow access to your resources only after or before a specific time.
Note that an AWS access control policy should not be confused with the similarly named "POST form policy" concept used in Amazon S3.
-
-
Constructor Summary
Constructors Constructor Description Policy()
Constructs an empty AWS access control policy ready to be populated with statements.Policy(String id)
Constructs a new AWS access control policy with the specified policy ID.Policy(String id, Collection<Statement> statements)
Constructs a new AWS access control policy with the specified policy ID and collection of statements.
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description static Policy
fromJson(String jsonString)
Returns an AWS access control policy object generated from JSON string.String
getId()
Returns the policy ID for this policy.Collection<Statement>
getStatements()
Returns the collection of statements contained by this policy.String
getVersion()
Returns the version of this AWS policy.void
setId(String id)
Sets the policy ID for this policy.void
setStatements(Collection<Statement> statements)
Sets the collection of statements contained by this policy.String
toJson()
Returns a JSON string representation of this AWS access control policy, suitable to be sent to an AWS service as part of a request to set an access control policy.Policy
withId(String id)
Sets the policy ID for this policy and returns the updated policy so that multiple calls can be chained together.Policy
withStatements(Statement... statements)
Sets the collection of statements contained by this policy and returns this policy object so that additional method calls can be chained together.
-
-
-
Constructor Detail
-
Policy
public Policy()
Constructs an empty AWS access control policy ready to be populated with statements.
-
Policy
public Policy(String id)
Constructs a new AWS access control policy with the specified policy ID. The policy ID is a user specified string that serves to help developers keep track of multiple polices. Policy IDs are often used as a human readable name for a policy.- Parameters:
id
- The policy ID for the new policy object. Policy IDs serve to help developers keep track of multiple policies, and are often used to give the policy a meaningful, human readable name.
-
Policy
public Policy(String id, Collection<Statement> statements)
Constructs a new AWS access control policy with the specified policy ID and collection of statements. The policy ID is a user specified string that serves to help developers keep track of multiple polices. Policy IDs are often used as a human readable name for a policy.Any statements that don't have a statement ID yet will automatically be assigned a unique ID within this policy.
- Parameters:
id
- The policy ID for the new policy object. Policy IDs serve to help developers keep track of multiple policies, and are often used to give the policy a meaningful, human readable name.statements
- The statements to include in the new policy.
-
-
Method Detail
-
getId
public String getId()
Returns the policy ID for this policy. Policy IDs serve to help developers keep track of multiple policies, and are often used as human readable name for a policy.- Returns:
- The policy ID for this policy.
-
setId
public void setId(String id)
Sets the policy ID for this policy. Policy IDs serve to help developers keep track of multiple policies, and are often used as human readable name for a policy.- Parameters:
id
- The policy ID for this policy.
-
withId
public Policy withId(String id)
Sets the policy ID for this policy and returns the updated policy so that multiple calls can be chained together.Policy IDs serve to help developers keep track of multiple policies, and are often used as human readable name for a policy.
- Parameters:
id
- The policy ID for this policy.- Returns:
- The updated Policy object so that additional calls can be chained together.
-
getVersion
public String getVersion()
Returns the version of this AWS policy.- Returns:
- The version of this AWS policy.
-
getStatements
public Collection<Statement> getStatements()
Returns the collection of statements contained by this policy. Individual statements in a policy are what specify the rules that enable or disable access to your AWS resources.- Returns:
- The collection of statements contained by this policy.
-
setStatements
public void setStatements(Collection<Statement> statements)
Sets the collection of statements contained by this policy. Individual statements in a policy are what specify the rules that enable or disable access to your AWS resources.Any statements that don't have a statement ID yet will automatically be assigned a unique ID within this policy.
- Parameters:
statements
- The collection of statements included in this policy.
-
withStatements
public Policy withStatements(Statement... statements)
Sets the collection of statements contained by this policy and returns this policy object so that additional method calls can be chained together.Individual statements in a policy are what specify the rules that enable or disable access to your AWS resources.
Any statements that don't have a statement ID yet will automatically be assigned a unique ID within this policy.
- Parameters:
statements
- The collection of statements included in this policy.- Returns:
- The updated policy object, so that additional method calls can be chained together.
-
toJson
public String toJson()
Returns a JSON string representation of this AWS access control policy, suitable to be sent to an AWS service as part of a request to set an access control policy.- Returns:
- A JSON string representation of this AWS access control policy.
-
fromJson
public static Policy fromJson(String jsonString)
Returns an AWS access control policy object generated from JSON string.- Parameters:
jsonString
- The JSON string representation of this AWS access control policy.- Returns:
- An AWS access control policy object.
- Throws:
IllegalArgumentException
- If the specified JSON string is null or invalid and cannot be converted to an AWS policy object.
-
-