public class Principal extends Object
Statement
object, not directly the Policy
object.
The principal is A in the statement "A has permission to do B to C where D applies."
In an access control policy statement, you can set the principal to all
authenticated AWS users through the ALL_USERS
member. This
is useful when you don't want to restrict access based on the identity of the
requester, but instead on other identifying characteristics such as the
requester's IP address.
Modifier and Type | Class and Description |
---|---|
static class |
Principal.Service
The services who have the right to do the assume the role
action.
|
static class |
Principal.WebIdentityProvider
Web identity providers, such as Login with Amazon, Facebook, or Google.
|
Modifier and Type | Field and Description |
---|---|
static Principal |
ALL
Principal instance that includes all the AWS accounts, AWS web services and web identity providers.
|
static Principal |
ALL_SERVICES
Principal instance that includes all AWS web services.
|
static Principal |
ALL_USERS
Principal instance that includes all users, including anonymous users.
|
static Principal |
ALL_WEB_PROVIDERS
Principal instance that includes all the web identity providers.
|
Constructor and Description |
---|
Principal(Principal.Service service)
Constructs a new principal with the specified AWS web service which
is being allowed or denied access to a resource through an access control
policy.
|
Principal(Principal.WebIdentityProvider webIdentityProvider)
Constructs a new principal with the specified web identity provider.
|
Principal(String accountId)
Constructs a new principal with the specified AWS account ID.
|
Principal(String provider,
String id)
Constructs a new principal with the specified id and provider.
|
Principal(String provider,
String id,
boolean stripHyphen)
Constructs a new principal with the specified id and provider.
|
Modifier and Type | Method and Description |
---|---|
boolean |
equals(Object principal) |
String |
getId()
Returns the unique ID for this principal.
|
String |
getProvider()
Returns the provider for this principal, which indicates in what group of
users this principal resides.
|
int |
hashCode() |
public static final Principal ALL_USERS
This is useful when you don't want to restrict access based on the identity of the requester, but instead on other identifying characteristics such as the requester's IP address.
public static final Principal ALL_SERVICES
public static final Principal ALL_WEB_PROVIDERS
public static final Principal ALL
public Principal(Principal.Service service)
service
- An AWS service.public Principal(String accountId)
accountId
- An AWS account ID.public Principal(String provider, String id)
public Principal(String provider, String id, boolean stripHyphen)
public Principal(Principal.WebIdentityProvider webIdentityProvider)
webIdentityProvider
- An web identity provider.public String getProvider()
public String getId()
Copyright © 2017 Amazon Web Services, Inc. All Rights Reserved.