com.amazonaws.auth.policy (AWS SDK for Android

Overview

Package

Class

Index

Help

PREV PACKAGE NEXT PACKAGE

FRAMES NO FRAMES

Package com.amazonaws.auth.policy

Classes for creating custom AWS access control policies.

See:
Description

Interface Summary
Action	An access control policy action identifies a specific action in a service that can be performed on a resource.

Class Summary
Condition	AWS access control policy conditions are contained in `Statement` objects, and affect when a statement is applied.
Policy	An AWS access control policy is a object that acts as a container for one or more statements, which specify fine grained rules for allowing or denying various types of actions from being performed on your AWS resources.
Principal	A principal is an AWS account which is being allowed or denied access to a resource through an access control policy.
Resource	Represents a resource involved in an AWS access control policy statement.
Statement	A statement is the formal description of a single permission, and is always contained within a policy object.

Enum Summary
Statement.Effect	The effect is the result that you want a policy statement to return at evaluation time.

Package com.amazonaws.auth.policy Description

Classes for creating custom AWS access control policies. Policies allow you to specify fine grained access controls on your AWS resources. You can allow or deny access to your AWS resources based on:

what resource is being accessed
who is accessing the resource (i.e. the principal)
what action is being taken on the resource
a variety of conditions including date restrictions, IP address restrictions, etc.

Access control policies are a collection of statements. Each statement takes the form: "A has permission to do B to C where D applies".

A is the principal - the AWS account that is making a request to access or modify one of your AWS resources.
B is the action - the way in which your AWS resource is being accessed or modified, such as sending a message to an Amazon SQS queue, or storing an object in an Amazon S3 bucket.
C is the resource - your AWS entity that the principal wants to access, such as an Amazon SQS queue, or an object stored in Amazon S3.
D is the set of conditions - optional constraints that specify when to allow or deny access for the principal to access your resource. Many expressive conditions are available, some specific to each service. For example you can use date conditions to allow access to your resources only after or before a specific time.

The following code creates a policy to allow a specific AWS account to send and receive messages using one of your Amazon SQS queues:

    Policy policy = new Policy("MyQueuePolicy");
    policy.withStatements(new Statement(Effect.Allow)
           .withPrincipals(new Principal("123456789012"))
           .withActions(SQSActions.SendMessage, SQSActions.ReceiveMessage)
           .withResources(new SQSQueueResource("987654321000", "queue2")));

Once you've created a policy, you need to use methods on the service to upload your policy to AWS.