Package software.amazon.awssdk.core.auth.policy.conditions

Class ConditionFactory

  • public final class ConditionFactory
extends Object
    Factory for creating common AWS access control policy conditions. These conditions are common for AWS services and can be expected to work across any service that supports AWS access control policies.

    • Field Detail

      • CURRENT_TIME_CONDITION_KEY

        public static final String CURRENT_TIME_CONDITION_KEY
        Condition key for the current time.

        This condition key should only be used with DateCondition objects.

        See Also:
        Constant Field Values

      • SOURCE_IP_CONDITION_KEY

        public static final String SOURCE_IP_CONDITION_KEY
        Condition key for the source IP from which a request originates.

        This condition key should only be used with IpAddressCondition objects.

        See Also:
        Constant Field Values

      • SOURCE_ARN_CONDITION_KEY

        public static final String SOURCE_ARN_CONDITION_KEY
        Condition key for the Amazon Resource Name (ARN) of the source specified in a request. The source ARN indicates which resource is affecting the resource listed in your policy. For example, an SNS topic is the source ARN when publishing messages from the topic to an SQS queue.

        This condition key should only be used with ArnCondition objects.

        See Also:
        Constant Field Values

    • Method Detail

      • newSourceArnCondition

        public static Condition newSourceArnCondition​(String arnPattern)
        Constructs a new access policy condition that compares the Amazon Resource Name (ARN) of the source of an AWS resource that is modifying another AWS resource with the specified pattern.

        For example, the source ARN could be an Amazon SNS topic ARN that is sending messages to an Amazon SQS queue. In that case, the SNS topic ARN would be compared the ARN pattern specified here.

        The endpoint pattern may optionally contain the multi-character wildcard (*) or the single-character wildcard (?). Each of the six colon-delimited components of the ARN is checked separately and each can include a wildcard. 

         Policy policy = new Policy("MyQueuePolicy");
 policy.withStatements(new Statement("AllowSNSMessages", Effect.Allow)
         .withPrincipals(new Principal("*")).withActions(SQSActions.SendMessage)
         .withResources(new Resource(myQueueArn))
         .withConditions(ConditionFactory.newSourceArnCondition(myTopicArn)));
        Parameters:
        arnPattern - The ARN pattern against which the source ARN will be compared. Each of the six colon-delimited components of the ARN is checked separately and each can include a wildcard.
        Returns:
        A new access control policy condition that compares the ARN of the source specified in an incoming request with the ARN pattern specified here.