Examples of com.amazonaws.auth.policy.Statement

• com.amazonaws.auth.policy.Statement
  A statement is the formal description of a single permission, and is always contained within a policy object.

  A statement describes a rule for allowing or denying access to a specific AWS resource based on how the resource is being accessed, and who is attempting to access the resource. Statements can also optionally contain a list of conditions that specify when a statement is to be honored.

  For example, consider a statement that:

  • allows access (the effect)
  • for a list of specific AWS account IDs (the principals)
  • when accessing an SQS queue (the resource)
  • using the SendMessage operation (the action)
  • and the request occurs before a specific date (a condition)

  Statements takes the form: "A has permission to do B to C where D applies".

  • A is the principal - the AWS account that is making a request to access or modify one of your AWS resources.
  • B is the action - the way in which your AWS resource is being accessed or modified, such as sending a message to an Amazon SQS queue, or storing an object in an Amazon S3 bucket.
  • C is the resource - your AWS entity that the principal wants to access, such as an Amazon SQS queue, or an object stored in Amazon S3.
  • D is the set of conditions - optional constraints that specify when to allow or deny access for the principal to access your resource. Many expressive conditions are available, some specific to each service. For example you can use date conditions to allow access to your resources only after or before a specific time.

  There are many resources and conditions available for use in statements, and you can combine them to form fine grained custom access control polices.

        log.error(e.getMessage(), e);
      }
    }

    if (policyId == null || !policyId.equals(publishPolicyKey)) {
      Statement statement = new Statement(Effect.Allow);
      statement
          .withActions(SQSActions.SendMessage)
          .withPrincipals(Principal.AllUsers)
          .withResources(new Resource(queueArn))
          .withConditions(
              new ArnCondition(ArnComparisonType.ArnEquals,

        topicArn = sns.createTopic(new CreateTopicRequest(topicName)).getTopicArn();
        String queueARN = sqs.getQueueAttributes(new GetQueueAttributesRequest(queueUrl).withAttributeNames("QueueArn")).getAttributes().get("QueueArn");

        Policy sqsPolicy =
            new Policy().withStatements(
                    new Statement(Effect.Allow)
                    .withPrincipals(Principal.AllUsers)
                    .withActions(SQSActions.SendMessage)
                    .withResources(new Resource(queueARN))
                    .withConditions(ConditionFactory.newSourceArnCondition(topicArn)));
        sqs.setQueueAttributes(new SetQueueAttributesRequest(queueUrl, newAttributes("Policy", sqsPolicy.toJson())));

            }

            JSONArray jStatements = jPolicy.getJSONArray(JsonDocumentFields.STATEMENT);

            for (int index = 0 ; index < jStatements.length() ; index++) {
                Statement statement = convertStatement(jStatements.getJSONObject(index));
                if (statement != null) {
                statements.add(statement);
                }
            }
        } catch (Exception e) {

    private  Statement convertStatement(JSONObject jStatement) throws JSONException {
        if (!Arrays.asList(JSONObject.getNames(jStatement)).contains(JsonDocumentFields.STATEMENT_EFFECT)) {
            return null;
        }

        Statement statement;
        String jEffect = jStatement.getString(JsonDocumentFields.STATEMENT_EFFECT);
        if (JsonDocumentFields.EFFECT_VALUE_ALLOW.equals(jEffect)) {
            statement = new Statement(Effect.Allow);
        } else {
            statement = new Statement(Effect.Deny);
        }

        if (Arrays.asList(JSONObject.getNames(jStatement)).contains(JsonDocumentFields.STATEMENT_ID)) {
            statement.setId(jStatement.getString(JsonDocumentFields.STATEMENT_ID));
        }

        convertActions(statement, jStatement);
        convertResources(statement, jStatement);
        convertCondition(statement, jStatement);