Class Principal


  • public class Principal
    extends Object
    A principal is the AWS account or AWS web service that is being allowed or denied access to a resource through an access control policy. The principal is a property of the Statement object, not of the Policy object directly.

    The principal is A in the statement "A has permission to do B to C where D applies."

    In an access control policy statement, you can set the principal to all users through the ALL_USERS member; as its field detail states, this includes anonymous users, not only authenticated AWS users. This is useful when you don't want to restrict access based on the identity of the requester, but instead on other identifying characteristics such as the requester's IP address.

    • Field Detail

      • ALL_USERS

        public static final Principal ALL_USERS
        Principal instance that includes all users, including anonymous users.

        This is useful when you don't want to restrict access based on the identity of the requester, but instead on other identifying characteristics such as the requester's IP address.

      • ALL_SERVICES

        public static final Principal ALL_SERVICES
        Principal instance that includes all AWS web services.
      • ALL_WEB_PROVIDERS

        public static final Principal ALL_WEB_PROVIDERS
        Principal instance that includes all the web identity providers.
      • ALL

        public static final Principal ALL
        Principal instance that includes all the AWS accounts, AWS web services and web identity providers.
    • Constructor Detail

      • Principal

        public Principal(Principal.Service service)
        Constructs a new principal with the specified AWS web service which is being allowed or denied access to a resource through an access control policy.
        Parameters:
        service - An AWS service.
      • Principal

        public Principal(String accountId)
        Constructs a new principal with the specified AWS account ID. This method automatically strips hyphen characters found in the account ID.
        Parameters:
        accountId - An AWS account ID.
      • Principal

        public Principal(String provider,
                         String id)
        Constructs a new principal with the specified id and provider. This method automatically strips hyphen characters found in the account ID if the provider is "AWS".
      • Principal

        public Principal(String provider,
                         String id,
                         boolean stripHyphen)
        Constructs a new principal with the specified id and provider. This method optionally strips hyphen characters found in the account ID.
      • Principal

        public Principal(Principal.WebIdentityProvider webIdentityProvider)
        Constructs a new principal with the specified web identity provider.
        Parameters:
        webIdentityProvider - A web identity provider.
    • Method Detail

      • getProvider

        public String getProvider()
        Returns the provider for this principal, which indicates in what group of users this principal resides.
        Returns:
        The provider for this principal.
      • getId

        public String getId()
        Returns the unique ID for this principal.
        Returns:
        The unique ID for this principal.
      • hashCode

        public int hashCode()
        Overrides:
        hashCode in class Object
      • equals

        public boolean equals(Object principal)
        Overrides:
        equals in class Object
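
An added example, not code from the SDK: a self-contained Java 16+ audit that flags Allow statements naming a wildcard principal with no condition, the situation the ALL_USERS description implies when no IP-address or similar restriction is attached. The records P and Stmt are hypothetical stand-ins for the provider/id pair and for a statement, and representing the ALL_* constants by the id "*" is an assumption, since the page does not show their values.

```java
import java.util.List;
import java.util.Set;

/** Added example: P and Stmt are hypothetical stand-ins, not SDK types. */
public class WildcardPrincipalAudit {

    // Stand-in for the provider/id pair exposed by getProvider() and getId().
    record P(String provider, String id) {
        // Mirrors the documented (provider, id) constructor:
        // hyphens are stripped only when the provider is "AWS".
        static P of(String provider, String id) {
            return new P(provider, "AWS".equals(provider) ? id.replace("-", "") : id);
        }

        // Assumption: a wildcard principal carries the id "*".
        boolean isWildcard() {
            return "*".equals(id);
        }
    }

    // Stand-in for one statement: effect, principals, and the condition keys it sets.
    record Stmt(String sid, boolean allow, List<P> principals, Set<String> conditionKeys) {}

    /** One finding per wildcard principal in an Allow statement that has no condition. */
    static List<String> audit(List<Stmt> policy) {
        return policy.stream()
            .filter(Stmt::allow)
            .filter(s -> s.conditionKeys().isEmpty())
            .flatMap(s -> s.principals().stream()
                .filter(P::isWildcard)
                .map(p -> s.sid() + ": Allow to " + p.provider() + ":* has no condition"))
            .toList();
    }

    public static void main(String[] args) {
        // Constructed sample policy; the account ID is a placeholder.
        List<Stmt> policy = List.of(
            new Stmt("IpRestricted", true, List.of(P.of("AWS", "*")), Set.of("aws:SourceIp")),
            new Stmt("OpenToEveryone", true, List.of(P.of("AWS", "*")), Set.of()),
            new Stmt("OneAccount", true, List.of(P.of("AWS", "1234-5678-9012")), Set.of()),
            new Stmt("DenyAll", false, List.of(P.of("*", "*")), Set.of()));

        audit(policy).forEach(System.out::println);
        // The account principal is stored with its hyphens removed.
        System.out.println(policy.get(2).principals().get(0).id());
    }
}
```

Only the statement with a wildcard principal, an Allow effect and an empty condition set is reported; the IP-restricted statement and the Deny statement pass.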