Interface IamStatement.Builder

All Superinterfaces:
Buildable, CopyableBuilder<IamStatement.Builder,IamStatement>, SdkBuilder<IamStatement.Builder,IamStatement>
All Known Implementing Classes:
DefaultIamStatement.Builder
Enclosing interface:
IamStatement
public static interface IamStatement.Builder extends CopyableBuilder<IamStatement.Builder,IamStatement>
See Also:

  • Method Details

    • sid

      IamStatement.Builder sid(String sid)
      Configure the Sid element of the policy, specifying an identifier for the statement. 

      IamStatement statement =
    IamStatement.builder()
                .sid("GrantReadBookMetadata") // An identifier for the statement
                .effect(IamEffect.ALLOW)
                .addAction("dynamodb:GetItem")
                .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
                .build();
      See Also:

    • effect

      IamStatement.Builder effect(IamEffect effect)
      Configure the Effect element of the policy, specifying whether the statement results in an allow or deny.

      This value is required. 

      IamStatement statement =
    IamStatement.builder()
                .sid("GrantReadBookMetadata")
                .effect(IamEffect.ALLOW) // The statement ALLOWS access
                .addAction("dynamodb:GetItem")
                .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
                .build();
      See Also:

    • effect

      IamStatement.Builder effect(String effect)
      Configure the Effect element of the policy, specifying whether the statement results in an allow or deny.

      This works the same as effect(IamEffect), except you do not need to IamEffect. This value is required. 

      IamStatement statement =
    IamStatement.builder()
                .sid("GrantReadBookMetadata")
                .effect("Allow") // The statement ALLOWs access
                .addAction("dynamodb:GetItem")
                .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
                .build();
      See Also:

    • principals

      IamStatement.Builder principals(Collection<IamPrincipal> principals)
      Configure the Principal element of the statement, specifying the principals that are allowed or denied access to a resource.

      This will replace any other principals already added to the statement. 

      List<IamPrincipal> bookReaderRoles =
    IamPrincipal.createAll("AWS",
                           Arrays.asList("arn:aws:iam::123456789012:role/books-service",
                                         "arn:aws:iam::123456789012:role/books-operator"));

IamStatement statement =
    IamStatement.builder()
                .sid("GrantReadBookContent")
                .effect(IamEffect.ALLOW)
                .principals(bookReaderRoles) // This statement allows access to the books service and operators
                .addAction("s3:GetObject")
                .addResource("arn:aws:s3:us-west-2:123456789012:accesspoint/book-content/object/*")
                .build();
      See Also:

    • addPrincipal

      IamStatement.Builder addPrincipal(IamPrincipal principal)
      Append a Principal to this statement, specifying a principal that is allowed or denied access to a resource. 

      IamStatement statement =
    IamStatement.builder()
                .sid("GrantReadBookContent")
                .effect(IamEffect.ALLOW)
                 // This statement allows access to the books service:
                .addPrincipal(IamPrincipal.create("AWS", "arn:aws:iam::123456789012:role/books-service"))
                .addAction("s3:GetObject")
                .addResource("arn:aws:s3:us-west-2:123456789012:accesspoint/book-content/object/*")
                .build();
      See Also:

    • addPrincipal

      IamStatement.Builder addPrincipal(Consumer<IamPrincipal.Builder> principal)
      Append a Principal to this statement, specifying a principal that is allowed or denied access to a resource.

      This works the same as addPrincipal(IamPrincipal), except you do not need to specify IamPrincipal .builder() or build(). 

      IamStatement statement =
    IamStatement.builder()
                .sid("GrantReadBookContent")
                .effect(IamEffect.ALLOW)
                // This statement allows access to the books service:
                .addPrincipal(p -> p.type("AWS").id("arn:aws:iam::123456789012:role/books-service"))
                .addAction("s3:GetObject")
                .addResource("arn:aws:s3:us-west-2:123456789012:accesspoint/book-content/object/*")
                .build();
      See Also:

    • addPrincipal

      IamStatement.Builder addPrincipal(IamPrincipalType iamPrincipalType, String principal)
      Append a Principal to this statement, specifying a principal that is allowed or denied access to a resource.

      This works the same as addPrincipal(IamPrincipal), except you do not need to specify IamPrincipal .create(). 

      IamStatement statement =
    IamStatement.builder()
                .sid("GrantReadBookContent")
                .effect(IamEffect.ALLOW)
                // This statement allows access to the books service:
                .addPrincipal(IamPrincipalType.AWS, "arn:aws:iam::123456789012:role/books-service")
                .addAction("s3:GetObject")
                .addResource("arn:aws:s3:us-west-2:123456789012:accesspoint/book-content/object/*")
                .build();
      See Also:

    • addPrincipal

      IamStatement.Builder addPrincipal(String iamPrincipalType, String principal)
      Append a Principal to this statement, specifying a principal that is allowed or denied access to a resource.

      This works the same as addPrincipal(IamPrincipalType, String), except you do not need to specify IamPrincipalType.create(). 

      IamStatement statement =
    IamStatement.builder()
                .sid("GrantReadBookContent")
                .effect(IamEffect.ALLOW)
                // This statement allows access to the books service:
                .addPrincipal("AWS", "arn:aws:iam::123456789012:role/books-service")
                .addAction("s3:GetObject")
                .addResource("arn:aws:s3:us-west-2:123456789012:accesspoint/book-content/object/*")
                .build();
      See Also:

    • addPrincipals

      IamStatement.Builder addPrincipals(IamPrincipalType iamPrincipalType, Collection<String> principals)
      Append multiple Principals to this statement, specifying principals that are allowed or denied access to a resource.

      This works the same as calling addPrincipal(IamPrincipalType, String) multiple times with the same IamPrincipalType. 

      IamStatement statement =
    IamStatement.builder()
                .sid("GrantReadBookContent")
                .effect(IamEffect.ALLOW)
                 // This statement allows access to the books service and operators:
                .addPrincipals(IamPrincipalType.AWS,
                               Arrays.asList("arn:aws:iam::123456789012:role/books-service",
                                            "arn:aws:iam::123456789012:role/books-operator"))
                .addAction("s3:GetObject")
                .addResource("arn:aws:s3:us-west-2:123456789012:accesspoint/book-content/object/*")
                .build();
      See Also:

    • addPrincipals

      IamStatement.Builder addPrincipals(String iamPrincipalType, Collection<String> principals)
      Append multiple Principals to this statement, specifying principals that are allowed or denied access to a resource.

      This works the same as calling addPrincipal(String, String) multiple times with the same IamPrincipalType. 

      IamStatement statement =
    IamStatement.builder()
                .sid("GrantReadBookContent")
                .effect(IamEffect.ALLOW)
                 // This statement allows access to the books service and operators:
                .addPrincipals("AWS", Arrays.asList("arn:aws:iam::123456789012:role/books-service",
                                                    "arn:aws:iam::123456789012:role/books-operator"))
                .addAction("s3:GetObject")
                .addResource("arn:aws:s3:us-west-2:123456789012:accesspoint/book-content/object/*")
                .build();
      See Also:

    • notPrincipals

      IamStatement.Builder notPrincipals(Collection<IamPrincipal> notPrincipals)
      Configure the NotPrincipal element of the statement, specifying that all principals are affected by the policy except the ones listed.

      Very few scenarios require the use of NotPrincipal. We recommend that you explore other authorization options before you decide to use NotPrincipal. NotPrincipal can only be used with IamEffect.DENY statements.

      This will replace any other not-principals already added to the statement. 

      List<IamPrincipal> bookReaderRoles =
    IamPrincipal.createAll("AWS",
                           Arrays.asList("arn:aws:iam::123456789012:role/books-service",
                                         "arn:aws:iam::123456789012:role/books-operator"));

IamStatement statement =
    IamStatement.builder()
                .sid("GrantReadBookContent")
                .effect(IamEffect.DENY)
                 // This statement denies access to everyone except the books service and operators:
                .notPrincipals(bookReaderRoles)
                .addAction("s3:GetObject")
                .addResource("arn:aws:s3:us-west-2:123456789012:accesspoint/book-content/object/*")
                .build();
      See Also:

    • addNotPrincipal

      IamStatement.Builder addNotPrincipal(IamPrincipal notPrincipal)
      Append a NotPrincipal to this statement, specifying that all principals are affected by the policy except the ones listed.

      Very few scenarios require the use of NotPrincipal. We recommend that you explore other authorization options before you decide to use NotPrincipal. NotPrincipal can only be used with IamEffect.DENY statements. 

      IamStatement statement =
    IamStatement.builder()
                .sid("GrantReadBookContent")
                .effect(IamEffect.DENY)
                 // This statement denies access to everyone except the books service:
                .addNotPrincipal(IamPrincipal.create("AWS", "arn:aws:iam::123456789012:role/books-service"))
                .addAction("s3:GetObject")
                .addResource("arn:aws:s3:us-west-2:123456789012:accesspoint/book-content/object/*")
                .build();
      See Also:

    • addNotPrincipal

      IamStatement.Builder addNotPrincipal(Consumer<IamPrincipal.Builder> notPrincipal)
      Append a NotPrincipal to this statement, specifying that all principals are affected by the policy except the ones listed.

      Very few scenarios require the use of NotPrincipal. We recommend that you explore other authorization options before you decide to use NotPrincipal. NotPrincipal can only be used with IamEffect.DENY statements.

      This works the same as addNotPrincipal(IamPrincipal), except you do not need to specify IamPrincipal .builder() or build(). 

      IamStatement statement =
    IamStatement.builder()
                .sid("GrantReadBookContent")
                .effect(IamEffect.DENY)
                 // This statement denies access to everyone except the books service:
                .addNotPrincipal(p -> p.type("AWS").id("arn:aws:iam::123456789012:role/books-service"))
                .addAction("s3:GetObject")
                .addResource("arn:aws:s3:us-west-2:123456789012:accesspoint/book-content/object/*")
                .build();
      See Also:

    • addNotPrincipal

      IamStatement.Builder addNotPrincipal(IamPrincipalType iamPrincipalType, String notPrincipal)
      Append a NotPrincipal to this statement, specifying that all principals are affected by the policy except the ones listed.

      Very few scenarios require the use of NotPrincipal. We recommend that you explore other authorization options before you decide to use NotPrincipal. NotPrincipal can only be used with IamEffect.DENY statements.

      This works the same as addNotPrincipal(IamPrincipal), except you do not need to specify IamPrincipal .create(). 

      IamStatement statement =
    IamStatement.builder()
                .sid("GrantReadBookContent")
                .effect(IamEffect.DENY)
                 // This statement denies access to everyone except the books service:
                .addNotPrincipal(IamPrincipalType.AWS, "arn:aws:iam::123456789012:role/books-service")
                .addAction("s3:GetObject")
                .addResource("arn:aws:s3:us-west-2:123456789012:accesspoint/book-content/object/*")
                .build();
      See Also:

    • addNotPrincipal

      IamStatement.Builder addNotPrincipal(String iamPrincipalType, String notPrincipal)
      Append a NotPrincipal to this statement, specifying that all principals are affected by the policy except the ones listed.

      Very few scenarios require the use of NotPrincipal. We recommend that you explore other authorization options before you decide to use NotPrincipal. NotPrincipal can only be used with IamEffect.DENY statements.

      This works the same as addNotPrincipal(IamPrincipalType, String), except you do not need to specify IamPrincipalType.create(). 

      IamStatement statement =
    IamStatement.builder()
                .sid("GrantReadBookContent")
                .effect(IamEffect.DENY)
                 // This statement denies access to everyone except the books service:
                .addNotPrincipal("AWS", "arn:aws:iam::123456789012:role/books-service")
                .addAction("s3:GetObject")
                .addResource("arn:aws:s3:us-west-2:123456789012:accesspoint/book-content/object/*")
                .build();
      See Also:

    • addNotPrincipals

      IamStatement.Builder addNotPrincipals(IamPrincipalType iamPrincipalType, Collection<String> notPrincipals)
      Append multiple NotPrincipals to this statement, specifying that all principals are affected by the policy except the ones listed.

      Very few scenarios require the use of NotPrincipal. We recommend that you explore other authorization options before you decide to use NotPrincipal. NotPrincipal can only be used with IamEffect.DENY statements.

      This works the same as calling addNotPrincipal(IamPrincipalType, String) multiple times with the same IamPrincipalType. 

      IamStatement statement =
    IamStatement.builder()
                .sid("GrantReadBookContent")
                .effect(IamEffect.DENY)
                 // This statement denies access to everyone except the books service and operators:
                .addNotPrincipals(IamPrincipalType.AWS,
                                  Arrays.asList("arn:aws:iam::123456789012:role/books-service",
                                               "arn:aws:iam::123456789012:role/books-operator"))
                .addAction("s3:GetObject")
                .addResource("arn:aws:s3:us-west-2:123456789012:accesspoint/book-content/object/*")
                .build();
      See Also:

    • addNotPrincipals

      IamStatement.Builder addNotPrincipals(String iamPrincipalType, Collection<String> notPrincipals)
      Append multiple NotPrincipals to this statement, specifying that all principals are affected by the policy except the ones listed.

      Very few scenarios require the use of NotPrincipal. We recommend that you explore other authorization options before you decide to use NotPrincipal. NotPrincipal can only be used with IamEffect.DENY statements.

      This works the same as calling addNotPrincipal(String, String) multiple times with the same IamPrincipalType. 

      IamStatement statement =
    IamStatement.builder()
                .sid("GrantReadBookContent")
                .effect(IamEffect.DENY)
                 // This statement denies access to everyone except the books service and operators:
                .addNotPrincipals("AWS", Arrays.asList("arn:aws:iam::123456789012:role/books-service",
                                                       "arn:aws:iam::123456789012:role/books-operator"))
                .addAction("s3:GetObject")
                .addResource("arn:aws:s3:us-west-2:123456789012:accesspoint/book-content/object/*")
                .build();
      See Also:

    • actions

      IamStatement.Builder actions(Collection<IamAction> actions)
      Configure the Action element of the statement, specifying the actions that are allowed or denied.

      This will replace any other actions already added to the statement. 

      IamStatement statement =
    IamStatement.builder()
                .sid("GrantReadWriteBookMetadata")
                .effect(IamEffect.ALLOW)
                // This statement grants access to read and write items in Amazon DynamoDB:
                .actions(Arrays.asList(IamAction.create("dynamodb:PutItem"),
                                       IamAction.create("dynamodb:GetItem")))
                .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
                .build();
      See Also:

    • actionIds

      IamStatement.Builder actionIds(Collection<String> actions)
      Configure the Action element of the statement, specifying the actions that are allowed or denied.

      This works the same as actions(Collection), except you do not need to call IamAction.create() on each action. This will replace any other actions already added to the statement. 

      IamStatement statement =
    IamStatement.builder()
                .sid("GrantReadWriteBookMetadata")
                .effect(IamEffect.ALLOW)
                // This statement grants access to read and write items in Amazon DynamoDB:
                .actionIds(Arrays.asList("dynamodb:PutItem", "dynamodb:GetItem"))
                .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
                .build();
      See Also:

    • addAction

      IamStatement.Builder addAction(IamAction action)
      Append an Action element to this statement, specifying an action that is allowed or denied. 

      IamStatement statement =
    IamStatement.builder()
                .sid("GrantReadBookMetadata")
                .effect(IamEffect.ALLOW)
                // This statement grants access to read items in Amazon DynamoDB:
                .addAction(IamAction.create("dynamodb:GetItem"))
                .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
                .build();
      See Also:

    • addAction

      IamStatement.Builder addAction(String action)
      Append an Action element to this statement, specifying an action that is allowed or denied.

      This works the same as addAction(IamAction), except you do not need to call IamAction.create(). 

      IamStatement statement =
    IamStatement.builder()
                .sid("GrantReadBookMetadata")
                .effect(IamEffect.ALLOW)
                // This statement grants access to read items in Amazon DynamoDB:
                .addAction("dynamodb:GetItem")
                .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
                .build();
      See Also:

    • notActions

      IamStatement.Builder notActions(Collection<IamAction> actions)
      Configure the NotAction element of the statement, specifying actions that are denied or allowed.

      This will replace any other not-actions already added to the statement. 

      IamStatement statement =
    IamStatement.builder()
                .sid("GrantAllButDeleteBookMetadataTable")
                .effect(IamEffect.ALLOW)
                // This statement grants access to do ALL CURRENT AND FUTURE actions against the books table, except
                // dynamodb:DeleteTable
                .notActions(Arrays.asList(IamAction.create("dynamodb:DeleteTable")))
                .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
                .build();
      See Also:

    • notActionIds

      IamStatement.Builder notActionIds(Collection<String> actions)
      Configure the NotAction element of the statement, specifying actions that are denied or allowed.

      This works the same as notActions(Collection), except you do not need to call IamAction.create() on each action. This will replace any other not-actions already added to the statement. 

      IamStatement statement =
    IamStatement.builder()
                .sid("GrantAllButDeleteBookMetadataTable")
                .effect(IamEffect.ALLOW)
                // This statement grants access to do ALL CURRENT AND FUTURE actions against the books table, except
                // dynamodb:DeleteTable
                .notActionIds(Arrays.asList("dynamodb:DeleteTable"))
                .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
                .build();
      See Also:

    • addNotAction

      IamStatement.Builder addNotAction(IamAction action)
      Append a NotAction element to this statement, specifying an action that is denied or allowed. 

      IamStatement statement =
    IamStatement.builder()
                .sid("GrantAllButDeleteBookMetadataTable")
                .effect(IamEffect.ALLOW)
                // This statement grants access to do ALL CURRENT AND FUTURE actions against the books table, except
                // dynamodb:DeleteTable
                .addNotAction(IamAction.create("dynamodb:DeleteTable"))
                .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
                .build();
      See Also:

    • addNotAction

      IamStatement.Builder addNotAction(String action)
      Append a NotAction element to this statement, specifying an action that is denied or allowed.

      This works the same as addNotAction(IamAction), except you do not need to call IamAction.create(). 

      IamStatement statement =
    IamStatement.builder()
                .sid("GrantAllButDeleteBookMetadataTable")
                .effect(IamEffect.ALLOW)
                // This statement grants access to do ALL CURRENT AND FUTURE actions against the books table, except
                // dynamodb:DeleteTable
                .addNotAction("dynamodb:DeleteTable")
                .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
                .build();
      See Also:

    • resources

      IamStatement.Builder resources(Collection<IamResource> resources)
      Configure the Resource element of the statement, specifying the resource(s) that the statement covers.

      This will replace any other resources already added to the statement. 

      List<IamResource> resources =
    Arrays.asList(IamResource.create("arn:aws:dynamodb:us-east-2:123456789012:table/books"),
                  IamResource.create("arn:aws:dynamodb:us-east-2:123456789012:table/customers"));

IamStatement statement =
    IamStatement.builder()
                .sid("GrantReadBookAndCustomersMetadata")
                .effect(IamEffect.ALLOW)
                .addAction("dynamodb:GetItem")
                // This statement grants access to the books and customers tables:
                .resources(resources)
                .build();
      See Also:

    • resourceIds

      IamStatement.Builder resourceIds(Collection<String> resources)
      Configure the Resource element of the statement, specifying the resource(s) that the statement covers.

      This works the same as resources(Collection), except you do not need to call IamResource.create() on each resource. This will replace any other resources already added to the statement. 

      IamStatement statement =
    IamStatement.builder()
                .sid("GrantReadBookAndCustomersMetadata")
                .effect(IamEffect.ALLOW)
                .addAction("dynamodb:GetItem")
                // This statement grants access to the books and customers tables:
                .resourceIds(Arrays.asList("arn:aws:dynamodb:us-east-2:123456789012:table/books",
                                           "arn:aws:dynamodb:us-east-2:123456789012:table/customers"))
                .build();
      See Also:

    • addResource

      IamStatement.Builder addResource(IamResource resource)
      Append a Resource element to the statement, specifying a resource that the statement covers. 

      IamStatement statement =
    IamStatement.builder()
                .sid("GrantReadBookMetadata")
                .effect(IamEffect.ALLOW)
                .addAction("dynamodb:GetItem")
                // This statement grants access to the books table:
                .addResource(IamResource.create("arn:aws:dynamodb:us-east-2:123456789012:table/books"))
                .build();
      See Also:

    • addResource

      IamStatement.Builder addResource(String resource)
      Append a Resource element to the statement, specifying a resource that the statement covers.

      This works the same as addResource(IamResource), except you do not need to call IamResource.create(). 

      IamStatement statement =
    IamStatement.builder()
                .sid("GrantReadBookMetadata")
                .effect(IamEffect.ALLOW)
                .addAction("dynamodb:GetItem")
                // This statement grants access to the books table:
                .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
                .build();
      See Also:

    • notResources

      IamStatement.Builder notResources(Collection<IamResource> resources)
      Configure the NotResource element of the statement, specifying that the statement should apply to every resource except the ones listed.

      This will replace any other not-resources already added to the statement. 

      List<IamResource> notResources =
    Arrays.asList(IamResource.create("arn:aws:dynamodb:us-east-2:123456789012:table/customers"));

IamStatement statement =
    IamStatement.builder()
                .sid("GrantReadNotCustomers")
                .effect(IamEffect.ALLOW)
                .addAction("dynamodb:GetItem")
                // This statement grants access to EVERY CURRENT AND FUTURE RESOURCE except the customers table:
                .notResources(notResources)
                .build();
      See Also:

    • notResourceIds

      IamStatement.Builder notResourceIds(Collection<String> resources)
      Configure the NotResource element of the statement, specifying that the statement should apply to every resource except the ones listed.

      This works the same as notResources(Collection), except you do not need to call IamResource.create() on each resource. This will replace any other not-resources already added to the statement. 

      IamStatement statement =
    IamStatement.builder()
                .sid("GrantReadNotCustomers")
                .effect(IamEffect.ALLOW)
                .addAction("dynamodb:GetItem")
                // This statement grants access to EVERY CURRENT AND FUTURE RESOURCE except the customers table:
                .notResourceIds(Arrays.asList("arn:aws:dynamodb:us-east-2:123456789012:table/customers"))
                .build();
      See Also:

    • addNotResource

      IamStatement.Builder addNotResource(IamResource resource)
      Append a NotResource element to the statement, specifying that the statement should apply to every resource except the ones listed. 

      IamStatement statement =
    IamStatement.builder()
                .sid("GrantReadNotCustomers")
                .effect(IamEffect.ALLOW)
                .addAction("dynamodb:GetItem")
                // This statement grants access to EVERY CURRENT AND FUTURE RESOURCE except the customers table:
                .addNotResource(IamResource.create("arn:aws:dynamodb:us-east-2:123456789012:table/customers"))
                .build();
      See Also:

    • addNotResource

      IamStatement.Builder addNotResource(String resource)
      Append a NotResource element to the statement, specifying that the statement should apply to every resource except the ones listed. 

      IamStatement statement =
    IamStatement.builder()
                .sid("GrantReadNotCustomers")
                .effect(IamEffect.ALLOW)
                .addAction("dynamodb:GetItem")
                // This statement grants access to EVERY CURRENT AND FUTURE RESOURCE except the customers table:
                .addNotResource("arn:aws:dynamodb:us-east-2:123456789012:table/customers")
                .build();
      See Also:

    • conditions

      IamStatement.Builder conditions(Collection<IamCondition> conditions)
      Configure the Condition element of the statement, specifying the conditions in which the statement is in effect.

      This will replace any other conditions already added to the statement. 

      IamCondition startTime = IamCondition.create(IamConditionOperator.DATE_GREATER_THAN,
                                             "aws:CurrentTime",
                                             "1988-05-21T00:00:00Z");
IamCondition endTime = IamCondition.create(IamConditionOperator.DATE_LESS_THAN,
                                           "aws:CurrentTime",
                                           "2065-09-01T00:00:00Z");

IamStatement statement =
    IamStatement.builder()
                .sid("GrantReadBooks")
                .effect(IamEffect.ALLOW)
                .addAction("dynamodb:GetItem")
                .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
                // This statement grants access between the specified start and end times:
                .conditions(Arrays.asList(startTime, endTime))
                .build();
      See Also:

    • addCondition

      IamStatement.Builder addCondition(IamCondition condition)
      Append a Condition to the statement, specifying a condition in which the statement is in effect. 

      IamStatement statement =
    IamStatement.builder()
                .sid("GrantReadBooks")
                .effect(IamEffect.ALLOW)
                .addAction("dynamodb:GetItem")
                .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
                // This statement grants access after a specified start time:
                .addCondition(IamCondition.create(IamConditionOperator.DATE_GREATER_THAN,
                                                  "aws:CurrentTime",
                                                  "1988-05-21T00:00:00Z"))
                .build();
      See Also:

    • addCondition

      IamStatement.Builder addCondition(Consumer<IamCondition.Builder> condition)
      Append a Condition to the statement, specifying a condition in which the statement is in effect.

      This works the same as addCondition(IamCondition), except you do not need to specify IamCondition .builder() or build(). 

      IamStatement statement =
    IamStatement.builder()
                .sid("GrantReadBooks")
                .effect(IamEffect.ALLOW)
                .addAction("dynamodb:GetItem")
                .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
                // This statement grants access after a specified start time:
                .addCondition(c -> c.operator(IamConditionOperator.DATE_GREATER_THAN)
                                    .key("aws:CurrentTime")
                                    .value("1988-05-21T00:00:00Z"))
                .build();
      See Also:

    • addCondition

      IamStatement.Builder addCondition(IamConditionOperator operator, IamConditionKey key, String value)
      Append a Condition to the statement, specifying a condition in which the statement is in effect.

      This works the same as addCondition(IamCondition), except you do not need to specify IamCondition .create(). 

      IamStatement statement =
    IamStatement.builder()
                .sid("GrantReadBooks")
                .effect(IamEffect.ALLOW)
                .addAction("dynamodb:GetItem")
                .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
                // This statement grants access after a specified start time:
                .addCondition(IamConditionOperator.DATE_GREATER_THAN,
                              IamConditionKey.create("aws:CurrentTime"),
                              "1988-05-21T00:00:00Z")
                .build();
      See Also:

    • addCondition

      IamStatement.Builder addCondition(IamConditionOperator operator, String key, String value)
      Append a Condition to the statement, specifying a condition in which the statement is in effect.

      This works the same as addCondition(IamCondition), except you do not need to specify IamCondition .create(). 

      IamStatement statement =
    IamStatement.builder()
                .sid("GrantReadBooks")
                .effect(IamEffect.ALLOW)
                .addAction("dynamodb:GetItem")
                .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
                // This statement grants access after a specified start time:
                .addCondition(IamConditionOperator.DATE_GREATER_THAN, "aws:CurrentTime", "1988-05-21T00:00:00Z")
                .build();
      See Also:

    • addCondition

      IamStatement.Builder addCondition(String operator, String key, String values)
      Append a Condition to the statement, specifying a condition in which the statement is in effect.

      This works the same as addCondition(IamCondition), except you do not need to specify IamCondition .create(). 

      IamStatement statement =
    IamStatement.builder()
                .sid("GrantReadBooks")
                .effect(IamEffect.ALLOW)
                .addAction("dynamodb:GetItem")
                .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
                // This statement grants access after a specified start time:
                .addCondition("DateGreaterThan", "aws:CurrentTime", "1988-05-21T00:00:00Z")
                .build();
      See Also:

    • addConditions

      IamStatement.Builder addConditions(IamConditionOperator operator, IamConditionKey key, Collection<String> values)
      Append multiple Conditions to the statement, specifying conditions in which the statement is in effect.

      This works the same as addCondition(IamConditionOperator, IamConditionKey, String) multiple times with the same operator and key, but different values. 

      IamStatement statement =
    IamStatement.builder()
                .sid("GrantReadBooks")
                .effect(IamEffect.ALLOW)
                .addAction("dynamodb:GetItem")
                .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
                // This statement grants access only in the us-east-1 and us-west-2 regions:
                .addConditions(IamConditionOperator.STRING_EQUALS,
                               IamConditionKey.create("aws:RequestedRegion"),
                               Arrays.asList("us-east-1", "us-west-2"))
                .build();
      See Also:

    • addConditions

      IamStatement.Builder addConditions(IamConditionOperator operator, String key, Collection<String> values)
      Append multiple Conditions to the statement, specifying conditions in which the statement is in effect.

      This works the same as addCondition(IamConditionOperator, String, String) multiple times with the same operator and key, but different values. 

      IamStatement statement =
    IamStatement.builder()
                .sid("GrantReadBooks")
                .effect(IamEffect.ALLOW)
                .addAction("dynamodb:GetItem")
                .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
                // This statement grants access only in the us-east-1 and us-west-2 regions:
                .addConditions(IamConditionOperator.STRING_EQUALS,
                               "aws:RequestedRegion",
                               Arrays.asList("us-east-1", "us-west-2"))
                .build();
      See Also:

    • addConditions

      IamStatement.Builder addConditions(String operator, String key, Collection<String> values)
      Append multiple Conditions to the statement, specifying conditions in which the statement is in effect.

      This works the same as addCondition(String, String, String) multiple times with the same operator and key, but different values. 

      IamStatement statement =
    IamStatement.builder()
                .sid("GrantReadBooks")
                .effect(IamEffect.ALLOW)
                .addAction("dynamodb:GetItem")
                .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
                // This statement grants access only in the us-east-1 and us-west-2 regions:
                .addConditions("StringEquals", "aws:RequestedRegion", Arrays.asList("us-east-1", "us-west-2"))
                .build();
      See Also: