Class DefaultIamStatement.Builder
- All Implemented Interfaces:
IamStatement.Builder, Buildable, CopyableBuilder<IamStatement.Builder,IamStatement>, SdkBuilder<IamStatement.Builder,IamStatement>
- Enclosing class:
DefaultIamStatement
-
Method Summary
| Method | Description |
| --- | --- |
| actionIds(Collection<String> actions) | Configure the Action element of the statement, specifying the actions that are allowed or denied. |
| actions(Collection<IamAction> actions) | Configure the Action element of the statement, specifying the actions that are allowed or denied. |
| addAction(String) | Append an Action element to this statement, specifying an action that is allowed or denied. |
| addAction(IamAction) | Append an Action element to this statement, specifying an action that is allowed or denied. |
| addCondition(String operator, String key, String value) | Append a Condition to the statement, specifying a condition in which the statement is in effect. |
| addCondition(Consumer<IamCondition.Builder> condition) | Append a Condition to the statement, specifying a condition in which the statement is in effect. |
| addCondition(IamCondition condition) | Append a Condition to the statement, specifying a condition in which the statement is in effect. |
| addCondition(IamConditionOperator operator, String key, String value) | Append a Condition to the statement, specifying a condition in which the statement is in effect. |
| addCondition(IamConditionOperator operator, IamConditionKey key, String value) | Append a Condition to the statement, specifying a condition in which the statement is in effect. |
| addConditions(String operator, String key, Collection<String> values) | Append multiple Conditions to the statement, specifying conditions in which the statement is in effect. |
| addConditions(IamConditionOperator operator, String key, Collection<String> values) | Append multiple Conditions to the statement, specifying conditions in which the statement is in effect. |
| addConditions(IamConditionOperator operator, IamConditionKey key, Collection<String> values) | Append multiple Conditions to the statement, specifying conditions in which the statement is in effect. |
| addNotAction(String notAction) | Append a NotAction element to this statement, specifying an action that is denied or allowed. |
| addNotAction(IamAction notAction) | Append a NotAction element to this statement, specifying an action that is denied or allowed. |
| addNotPrincipal(String iamPrincipalType, String principal) | Append a NotPrincipal to this statement, specifying that all principals are affected by the policy except the ones listed. |
| addNotPrincipal(Consumer<IamPrincipal.Builder> notPrincipal) | Append a NotPrincipal to this statement, specifying that all principals are affected by the policy except the ones listed. |
| addNotPrincipal(IamPrincipal notPrincipal) | Append a NotPrincipal to this statement, specifying that all principals are affected by the policy except the ones listed. |
| addNotPrincipal(IamPrincipalType iamPrincipalType, String principal) | Append a NotPrincipal to this statement, specifying that all principals are affected by the policy except the ones listed. |
| addNotPrincipals(String notPrincipalType, Collection<String> notPrincipals) | Append multiple NotPrincipals to this statement, specifying that all principals are affected by the policy except the ones listed. |
| addNotPrincipals(IamPrincipalType notPrincipalType, Collection<String> notPrincipals) | Append multiple NotPrincipals to this statement, specifying that all principals are affected by the policy except the ones listed. |
| addNotResource(String notResource) | Append a NotResource element to the statement, specifying that the statement should apply to every resource except the ones listed. |
| addNotResource(IamResource notResource) | Append a NotResource element to the statement, specifying that the statement should apply to every resource except the ones listed. |
| addPrincipal(String iamPrincipalType, String principal) | Append a Principal to this statement, specifying a principal that is allowed or denied access to a resource. |
| addPrincipal(Consumer<IamPrincipal.Builder> principal) | Append a Principal to this statement, specifying a principal that is allowed or denied access to a resource. |
| addPrincipal(IamPrincipal principal) | Append a Principal to this statement, specifying a principal that is allowed or denied access to a resource. |
| addPrincipal(IamPrincipalType iamPrincipalType, String principal) | Append a Principal to this statement, specifying a principal that is allowed or denied access to a resource. |
| addPrincipals(String principalType, Collection<String> principals) | Append multiple Principals to this statement, specifying principals that are allowed or denied access to a resource. |
| addPrincipals(IamPrincipalType principalType, Collection<String> principals) | Append multiple Principals to this statement, specifying principals that are allowed or denied access to a resource. |
| addResource(String resource) | Append a Resource element to the statement, specifying a resource that the statement covers. |
| addResource(IamResource resource) | Append a Resource element to the statement, specifying a resource that the statement covers. |
| build() | An immutable object that is created from the properties that have been set on the builder. |
| conditions(Collection<IamCondition> conditions) | Configure the Condition element of the statement, specifying the conditions in which the statement is in effect. |
| effect(IamEffect) | Configure the Effect element of the policy, specifying whether the statement results in an allow or deny. |
| effect(String) | Configure the Effect element of the policy, specifying whether the statement results in an allow or deny. |
| notActionIds(Collection<String> notActions) | Configure the NotAction element of the statement, specifying actions that are denied or allowed. |
| notActions(Collection<IamAction> notActions) | Configure the NotAction element of the statement, specifying actions that are denied or allowed. |
| notPrincipals(Collection<IamPrincipal> notPrincipals) | Configure the NotPrincipal element of the statement, specifying that all principals are affected by the policy except the ones listed. |
| notResourceIds(Collection<String> notResources) | Configure the NotResource element of the statement, specifying that the statement should apply to every resource except the ones listed. |
| notResources(Collection<IamResource> notResources) | Configure the NotResource element of the statement, specifying that the statement should apply to every resource except the ones listed. |
| principals(Collection<IamPrincipal> principals) | Configure the Principal element of the statement, specifying the principals that are allowed or denied access to a resource. |
| resourceIds(Collection<String> resources) | Configure the Resource element of the statement, specifying the resource(s) that the statement covers. |
| resources(Collection<IamResource> resources) | Configure the Resource element of the statement, specifying the resource(s) that the statement covers. |
| sid(String) | Configure the Sid element of the policy, specifying an identifier for the statement. |

Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface software.amazon.awssdk.utils.builder.CopyableBuilder
copy
Methods inherited from interface software.amazon.awssdk.utils.builder.SdkBuilder
applyMutation
-
Method Details
-
sid
Description copied from interface: IamStatement.Builder
Configure the Sid element of the policy, specifying an identifier for the statement.

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBookMetadata") // An identifier for the statement
        .effect(IamEffect.ALLOW)
        .addAction("dynamodb:GetItem")
        .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
        .build();

- Specified by:
sid in interface IamStatement.Builder
- See Also:
-
effect
Description copied from interface: IamStatement.Builder
Configure the Effect element of the policy, specifying whether the statement results in an allow or deny.

This value is required.

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBookMetadata")
        .effect(IamEffect.ALLOW) // The statement ALLOWS access
        .addAction("dynamodb:GetItem")
        .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
        .build();

- Specified by:
effect in interface IamStatement.Builder
- See Also:
-
effect
Description copied from interface: IamStatement.Builder
Configure the Effect element of the policy, specifying whether the statement results in an allow or deny.

This works the same as IamStatement.Builder.effect(IamEffect), except you pass the effect as a String instead of an IamEffect. This value is required.

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBookMetadata")
        .effect("Allow") // The statement ALLOWS access
        .addAction("dynamodb:GetItem")
        .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
        .build();

- Specified by:
effect in interface IamStatement.Builder
- See Also:
-
principals
Description copied from interface: IamStatement.Builder
Configure the Principal element of the statement, specifying the principals that are allowed or denied access to a resource.

This will replace any other principals already added to the statement.

    List<IamPrincipal> bookReaderRoles =
        IamPrincipal.createAll("AWS",
                               Arrays.asList("arn:aws:iam::123456789012:role/books-service",
                                             "arn:aws:iam::123456789012:role/books-operator"));

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBookContent")
        .effect(IamEffect.ALLOW)
        .principals(bookReaderRoles) // This statement allows access to the books service and operators
        .addAction("s3:GetObject")
        .addResource("arn:aws:s3:us-west-2:123456789012:accesspoint/book-content/object/*")
        .build();

- Specified by:
principals in interface IamStatement.Builder
- See Also:
-
addPrincipal
Description copied from interface: IamStatement.Builder
Append a Principal to this statement, specifying a principal that is allowed or denied access to a resource.

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBookContent")
        .effect(IamEffect.ALLOW)
        // This statement allows access to the books service:
        .addPrincipal(IamPrincipal.create("AWS", "arn:aws:iam::123456789012:role/books-service"))
        .addAction("s3:GetObject")
        .addResource("arn:aws:s3:us-west-2:123456789012:accesspoint/book-content/object/*")
        .build();

- Specified by:
addPrincipal in interface IamStatement.Builder
- See Also:
-
addPrincipal
Description copied from interface: IamStatement.Builder
Append a Principal to this statement, specifying a principal that is allowed or denied access to a resource.

This works the same as IamStatement.Builder.addPrincipal(IamPrincipal), except you do not need to specify IamPrincipal.builder() or build().

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBookContent")
        .effect(IamEffect.ALLOW)
        // This statement allows access to the books service:
        .addPrincipal(p -> p.type("AWS").id("arn:aws:iam::123456789012:role/books-service"))
        .addAction("s3:GetObject")
        .addResource("arn:aws:s3:us-west-2:123456789012:accesspoint/book-content/object/*")
        .build();

- Specified by:
addPrincipal in interface IamStatement.Builder
- See Also:
-
addPrincipal
Description copied from interface: IamStatement.Builder
Append a Principal to this statement, specifying a principal that is allowed or denied access to a resource.

This works the same as IamStatement.Builder.addPrincipal(IamPrincipal), except you do not need to specify IamPrincipal.create().

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBookContent")
        .effect(IamEffect.ALLOW)
        // This statement allows access to the books service:
        .addPrincipal(IamPrincipalType.AWS, "arn:aws:iam::123456789012:role/books-service")
        .addAction("s3:GetObject")
        .addResource("arn:aws:s3:us-west-2:123456789012:accesspoint/book-content/object/*")
        .build();

- Specified by:
addPrincipal in interface IamStatement.Builder
- See Also:
-
addPrincipal
Description copied from interface: IamStatement.Builder
Append a Principal to this statement, specifying a principal that is allowed or denied access to a resource.

This works the same as IamStatement.Builder.addPrincipal(IamPrincipalType, String), except you do not need to specify IamPrincipalType.create().

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBookContent")
        .effect(IamEffect.ALLOW)
        // This statement allows access to the books service:
        .addPrincipal("AWS", "arn:aws:iam::123456789012:role/books-service")
        .addAction("s3:GetObject")
        .addResource("arn:aws:s3:us-west-2:123456789012:accesspoint/book-content/object/*")
        .build();

- Specified by:
addPrincipal in interface IamStatement.Builder
- See Also:
-
addPrincipals
public IamStatement.Builder addPrincipals(IamPrincipalType principalType, Collection<String> principals)
Description copied from interface: IamStatement.Builder
Append multiple Principals to this statement, specifying principals that are allowed or denied access to a resource.

This works the same as calling IamStatement.Builder.addPrincipal(IamPrincipalType, String) multiple times with the same IamPrincipalType.

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBookContent")
        .effect(IamEffect.ALLOW)
        // This statement allows access to the books service and operators:
        .addPrincipals(IamPrincipalType.AWS,
                       Arrays.asList("arn:aws:iam::123456789012:role/books-service",
                                     "arn:aws:iam::123456789012:role/books-operator"))
        .addAction("s3:GetObject")
        .addResource("arn:aws:s3:us-west-2:123456789012:accesspoint/book-content/object/*")
        .build();

- Specified by:
addPrincipals in interface IamStatement.Builder
- See Also:
-
addPrincipals
Description copied from interface: IamStatement.Builder
Append multiple Principals to this statement, specifying principals that are allowed or denied access to a resource.

This works the same as calling IamStatement.Builder.addPrincipal(String, String) multiple times with the same IamPrincipalType.

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBookContent")
        .effect(IamEffect.ALLOW)
        // This statement allows access to the books service and operators:
        .addPrincipals("AWS",
                       Arrays.asList("arn:aws:iam::123456789012:role/books-service",
                                     "arn:aws:iam::123456789012:role/books-operator"))
        .addAction("s3:GetObject")
        .addResource("arn:aws:s3:us-west-2:123456789012:accesspoint/book-content/object/*")
        .build();

- Specified by:
addPrincipals in interface IamStatement.Builder
- See Also:
-
notPrincipals
Description copied from interface: IamStatement.Builder
Configure the NotPrincipal element of the statement, specifying that all principals are affected by the policy except the ones listed.

Very few scenarios require the use of NotPrincipal. We recommend that you explore other authorization options before you decide to use NotPrincipal. NotPrincipal can only be used with IamEffect.DENY statements.

This will replace any other not-principals already added to the statement.

    List<IamPrincipal> bookReaderRoles =
        IamPrincipal.createAll("AWS",
                               Arrays.asList("arn:aws:iam::123456789012:role/books-service",
                                             "arn:aws:iam::123456789012:role/books-operator"));

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBookContent")
        .effect(IamEffect.DENY)
        // This statement denies access to everyone except the books service and operators:
        .notPrincipals(bookReaderRoles)
        .addAction("s3:GetObject")
        .addResource("arn:aws:s3:us-west-2:123456789012:accesspoint/book-content/object/*")
        .build();

- Specified by:
notPrincipals in interface IamStatement.Builder
- See Also:
-
addNotPrincipal
Description copied from interface: IamStatement.Builder
Append a NotPrincipal to this statement, specifying that all principals are affected by the policy except the ones listed.

Very few scenarios require the use of NotPrincipal. We recommend that you explore other authorization options before you decide to use NotPrincipal. NotPrincipal can only be used with IamEffect.DENY statements.

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBookContent")
        .effect(IamEffect.DENY)
        // This statement denies access to everyone except the books service:
        .addNotPrincipal(IamPrincipal.create("AWS", "arn:aws:iam::123456789012:role/books-service"))
        .addAction("s3:GetObject")
        .addResource("arn:aws:s3:us-west-2:123456789012:accesspoint/book-content/object/*")
        .build();

- Specified by:
addNotPrincipal in interface IamStatement.Builder
- See Also:
-
addNotPrincipal
Description copied from interface: IamStatement.Builder
Append a NotPrincipal to this statement, specifying that all principals are affected by the policy except the ones listed.

Very few scenarios require the use of NotPrincipal. We recommend that you explore other authorization options before you decide to use NotPrincipal. NotPrincipal can only be used with IamEffect.DENY statements.

This works the same as IamStatement.Builder.addNotPrincipal(IamPrincipal), except you do not need to specify IamPrincipal.builder() or build().

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBookContent")
        .effect(IamEffect.DENY)
        // This statement denies access to everyone except the books service:
        .addNotPrincipal(p -> p.type("AWS").id("arn:aws:iam::123456789012:role/books-service"))
        .addAction("s3:GetObject")
        .addResource("arn:aws:s3:us-west-2:123456789012:accesspoint/book-content/object/*")
        .build();

- Specified by:
addNotPrincipal in interface IamStatement.Builder
- See Also:
-
addNotPrincipal
Description copied from interface: IamStatement.Builder
Append a NotPrincipal to this statement, specifying that all principals are affected by the policy except the ones listed.

Very few scenarios require the use of NotPrincipal. We recommend that you explore other authorization options before you decide to use NotPrincipal. NotPrincipal can only be used with IamEffect.DENY statements.

This works the same as IamStatement.Builder.addNotPrincipal(IamPrincipal), except you do not need to specify IamPrincipal.create().

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBookContent")
        .effect(IamEffect.DENY)
        // This statement denies access to everyone except the books service:
        .addNotPrincipal(IamPrincipalType.AWS, "arn:aws:iam::123456789012:role/books-service")
        .addAction("s3:GetObject")
        .addResource("arn:aws:s3:us-west-2:123456789012:accesspoint/book-content/object/*")
        .build();

- Specified by:
addNotPrincipal in interface IamStatement.Builder
- See Also:
-
addNotPrincipal
Description copied from interface: IamStatement.Builder
Append a NotPrincipal to this statement, specifying that all principals are affected by the policy except the ones listed.

Very few scenarios require the use of NotPrincipal. We recommend that you explore other authorization options before you decide to use NotPrincipal. NotPrincipal can only be used with IamEffect.DENY statements.

This works the same as IamStatement.Builder.addNotPrincipal(IamPrincipalType, String), except you do not need to specify IamPrincipalType.create().

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBookContent")
        .effect(IamEffect.DENY)
        // This statement denies access to everyone except the books service:
        .addNotPrincipal("AWS", "arn:aws:iam::123456789012:role/books-service")
        .addAction("s3:GetObject")
        .addResource("arn:aws:s3:us-west-2:123456789012:accesspoint/book-content/object/*")
        .build();

- Specified by:
addNotPrincipal in interface IamStatement.Builder
- See Also:
-
addNotPrincipals
public IamStatement.Builder addNotPrincipals(IamPrincipalType notPrincipalType, Collection<String> notPrincipals)
Description copied from interface: IamStatement.Builder
Append multiple NotPrincipals to this statement, specifying that all principals are affected by the policy except the ones listed.

Very few scenarios require the use of NotPrincipal. We recommend that you explore other authorization options before you decide to use NotPrincipal. NotPrincipal can only be used with IamEffect.DENY statements.

This works the same as calling IamStatement.Builder.addNotPrincipal(IamPrincipalType, String) multiple times with the same IamPrincipalType.

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBookContent")
        .effect(IamEffect.DENY)
        // This statement denies access to everyone except the books service and operators:
        .addNotPrincipals(IamPrincipalType.AWS,
                          Arrays.asList("arn:aws:iam::123456789012:role/books-service",
                                        "arn:aws:iam::123456789012:role/books-operator"))
        .addAction("s3:GetObject")
        .addResource("arn:aws:s3:us-west-2:123456789012:accesspoint/book-content/object/*")
        .build();

- Specified by:
addNotPrincipals in interface IamStatement.Builder
- See Also:
-
addNotPrincipals
public IamStatement.Builder addNotPrincipals(String notPrincipalType, Collection<String> notPrincipals)
Description copied from interface: IamStatement.Builder
Append multiple NotPrincipals to this statement, specifying that all principals are affected by the policy except the ones listed.

Very few scenarios require the use of NotPrincipal. We recommend that you explore other authorization options before you decide to use NotPrincipal. NotPrincipal can only be used with IamEffect.DENY statements.

This works the same as calling IamStatement.Builder.addNotPrincipal(String, String) multiple times with the same IamPrincipalType.

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBookContent")
        .effect(IamEffect.DENY)
        // This statement denies access to everyone except the books service and operators:
        .addNotPrincipals("AWS",
                          Arrays.asList("arn:aws:iam::123456789012:role/books-service",
                                        "arn:aws:iam::123456789012:role/books-operator"))
        .addAction("s3:GetObject")
        .addResource("arn:aws:s3:us-west-2:123456789012:accesspoint/book-content/object/*")
        .build();

- Specified by:
addNotPrincipals in interface IamStatement.Builder
- See Also:
-
actions
Description copied from interface: IamStatement.Builder
Configure the Action element of the statement, specifying the actions that are allowed or denied.

This will replace any other actions already added to the statement.

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadWriteBookMetadata")
        .effect(IamEffect.ALLOW)
        // This statement grants access to read and write items in Amazon DynamoDB:
        .actions(Arrays.asList(IamAction.create("dynamodb:PutItem"),
                               IamAction.create("dynamodb:GetItem")))
        .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
        .build();

- Specified by:
actions in interface IamStatement.Builder
- See Also:
-
actionIds
Description copied from interface: IamStatement.Builder
Configure the Action element of the statement, specifying the actions that are allowed or denied.

This works the same as IamStatement.Builder.actions(Collection), except you do not need to call IamAction.create() on each action. This will replace any other actions already added to the statement.

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadWriteBookMetadata")
        .effect(IamEffect.ALLOW)
        // This statement grants access to read and write items in Amazon DynamoDB:
        .actionIds(Arrays.asList("dynamodb:PutItem", "dynamodb:GetItem"))
        .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
        .build();

- Specified by:
actionIds in interface IamStatement.Builder
- See Also:
-
addAction
Description copied from interface: IamStatement.Builder
Append an Action element to this statement, specifying an action that is allowed or denied.

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBookMetadata")
        .effect(IamEffect.ALLOW)
        // This statement grants access to read items in Amazon DynamoDB:
        .addAction(IamAction.create("dynamodb:GetItem"))
        .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
        .build();

- Specified by:
addAction in interface IamStatement.Builder
- See Also:
-
addAction
Description copied from interface: IamStatement.Builder
Append an Action element to this statement, specifying an action that is allowed or denied.

This works the same as IamStatement.Builder.addAction(IamAction), except you do not need to call IamAction.create().

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBookMetadata")
        .effect(IamEffect.ALLOW)
        // This statement grants access to read items in Amazon DynamoDB:
        .addAction("dynamodb:GetItem")
        .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
        .build();

- Specified by:
addAction in interface IamStatement.Builder
- See Also:
-
notActions
Description copied from interface: IamStatement.Builder
Configure the NotAction element of the statement, specifying actions that are denied or allowed.

This will replace any other not-actions already added to the statement.

    IamStatement statement = IamStatement.builder()
        .sid("GrantAllButDeleteBookMetadataTable")
        .effect(IamEffect.ALLOW)
        // This statement grants access to do ALL CURRENT AND FUTURE actions against the books table, except
        // dynamodb:DeleteTable
        .notActions(Arrays.asList(IamAction.create("dynamodb:DeleteTable")))
        .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
        .build();

- Specified by:
notActions in interface IamStatement.Builder
- See Also:
-
notActionIds
Description copied from interface: IamStatement.Builder
Configure the NotAction element of the statement, specifying actions that are denied or allowed.

This works the same as IamStatement.Builder.notActions(Collection), except you do not need to call IamAction.create() on each action. This will replace any other not-actions already added to the statement.

    IamStatement statement = IamStatement.builder()
        .sid("GrantAllButDeleteBookMetadataTable")
        .effect(IamEffect.ALLOW)
        // This statement grants access to do ALL CURRENT AND FUTURE actions against the books table, except
        // dynamodb:DeleteTable
        .notActionIds(Arrays.asList("dynamodb:DeleteTable"))
        .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
        .build();

- Specified by:
notActionIds in interface IamStatement.Builder
- See Also:
-
addNotAction
Description copied from interface: IamStatement.Builder
Append a NotAction element to this statement, specifying an action that is denied or allowed.

    IamStatement statement = IamStatement.builder()
        .sid("GrantAllButDeleteBookMetadataTable")
        .effect(IamEffect.ALLOW)
        // This statement grants access to do ALL CURRENT AND FUTURE actions against the books table, except
        // dynamodb:DeleteTable
        .addNotAction(IamAction.create("dynamodb:DeleteTable"))
        .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
        .build();

- Specified by:
addNotAction in interface IamStatement.Builder
- See Also:
-
addNotAction
Description copied from interface: IamStatement.Builder
Append a NotAction element to this statement, specifying an action that is denied or allowed.

This works the same as IamStatement.Builder.addNotAction(IamAction), except you do not need to call IamAction.create().

    IamStatement statement = IamStatement.builder()
        .sid("GrantAllButDeleteBookMetadataTable")
        .effect(IamEffect.ALLOW)
        // This statement grants access to do ALL CURRENT AND FUTURE actions against the books table, except
        // dynamodb:DeleteTable
        .addNotAction("dynamodb:DeleteTable")
        .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
        .build();

- Specified by:
addNotAction in interface IamStatement.Builder
- See Also:
-
resources
Description copied from interface: IamStatement.Builder
Configure the Resource element of the statement, specifying the resource(s) that the statement covers.

This will replace any other resources already added to the statement.

    List<IamResource> resources =
        Arrays.asList(IamResource.create("arn:aws:dynamodb:us-east-2:123456789012:table/books"),
                      IamResource.create("arn:aws:dynamodb:us-east-2:123456789012:table/customers"));

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBookAndCustomersMetadata")
        .effect(IamEffect.ALLOW)
        .addAction("dynamodb:GetItem")
        // This statement grants access to the books and customers tables:
        .resources(resources)
        .build();

- Specified by:
resources in interface IamStatement.Builder
- See Also:
-
resourceIds
Description copied from interface: IamStatement.Builder
Configure the Resource element of the statement, specifying the resource(s) that the statement covers.

This works the same as IamStatement.Builder.resources(Collection), except you do not need to call IamResource.create() on each resource. This will replace any other resources already added to the statement.

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBookAndCustomersMetadata")
        .effect(IamEffect.ALLOW)
        .addAction("dynamodb:GetItem")
        // This statement grants access to the books and customers tables:
        .resourceIds(Arrays.asList("arn:aws:dynamodb:us-east-2:123456789012:table/books",
                                   "arn:aws:dynamodb:us-east-2:123456789012:table/customers"))
        .build();

- Specified by:
resourceIds in interface IamStatement.Builder
- See Also:
-
addResource
Description copied from interface: IamStatement.Builder
Append a Resource element to the statement, specifying a resource that the statement covers.

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBookMetadata")
        .effect(IamEffect.ALLOW)
        .addAction("dynamodb:GetItem")
        // This statement grants access to the books table:
        .addResource(IamResource.create("arn:aws:dynamodb:us-east-2:123456789012:table/books"))
        .build();

- Specified by:
addResource in interface IamStatement.Builder
- See Also:
-
addResource
Description copied from interface: IamStatement.Builder
Append a Resource element to the statement, specifying a resource that the statement covers.

This works the same as IamStatement.Builder.addResource(IamResource), except you do not need to call IamResource.create().

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBookMetadata")
        .effect(IamEffect.ALLOW)
        .addAction("dynamodb:GetItem")
        // This statement grants access to the books table:
        .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
        .build();

- Specified by:
addResource in interface IamStatement.Builder
- See Also:
-
notResources
Description copied from interface: IamStatement.Builder
Configure the NotResource element of the statement, specifying that the statement should apply to every resource except the ones listed.

This will replace any other not-resources already added to the statement.

    List<IamResource> notResources =
        Arrays.asList(IamResource.create("arn:aws:dynamodb:us-east-2:123456789012:table/customers"));

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadNotCustomers")
        .effect(IamEffect.ALLOW)
        .addAction("dynamodb:GetItem")
        // This statement grants access to EVERY CURRENT AND FUTURE RESOURCE except the customers table:
        .notResources(notResources)
        .build();

- Specified by:
notResources in interface IamStatement.Builder
- See Also:
-
notResourceIds
Description copied from interface: IamStatement.Builder
Configure the NotResource element of the statement, specifying that the statement should apply to every resource except the ones listed.

This works the same as IamStatement.Builder.notResources(Collection), except you do not need to call IamResource.create() on each resource. This will replace any other not-resources already added to the statement.

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadNotCustomers")
        .effect(IamEffect.ALLOW)
        .addAction("dynamodb:GetItem")
        // This statement grants access to EVERY CURRENT AND FUTURE RESOURCE except the customers table:
        .notResourceIds(Arrays.asList("arn:aws:dynamodb:us-east-2:123456789012:table/customers"))
        .build();

- Specified by:
notResourceIds in interface IamStatement.Builder
- See Also:
-
addNotResource
Description copied from interface: IamStatement.Builder
Append a NotResource element to the statement, specifying that the statement should apply to every resource except the ones listed.

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadNotCustomers")
        .effect(IamEffect.ALLOW)
        .addAction("dynamodb:GetItem")
        // This statement grants access to EVERY CURRENT AND FUTURE RESOURCE except the customers table:
        .addNotResource(IamResource.create("arn:aws:dynamodb:us-east-2:123456789012:table/customers"))
        .build();

- Specified by:
addNotResource in interface IamStatement.Builder
- See Also:
-
addNotResource
Description copied from interface: IamStatement.Builder
Append a NotResource element to the statement, specifying that the statement should apply to every resource except the ones listed.

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadNotCustomers")
        .effect(IamEffect.ALLOW)
        .addAction("dynamodb:GetItem")
        // This statement grants access to EVERY CURRENT AND FUTURE RESOURCE except the customers table:
        .addNotResource("arn:aws:dynamodb:us-east-2:123456789012:table/customers")
        .build();

- Specified by:
addNotResource in interface IamStatement.Builder
- See Also:
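
Because an Allow statement with NotResource matches every resource not listed, including ones created later, it is worth flagging during policy review. The following is an added example, not code from the SDK or its documentation: the class NotResourceAudit and the helper broadAllows are hypothetical names, and the scoped alternative reuses the books table ARN from the other examples on this page.

```java
import java.util.List;
import java.util.stream.Collectors;
import software.amazon.awssdk.policybuilder.iam.IamEffect;
import software.amazon.awssdk.policybuilder.iam.IamPolicy;
import software.amazon.awssdk.policybuilder.iam.IamPolicyWriter;
import software.amazon.awssdk.policybuilder.iam.IamStatement;

public class NotResourceAudit {
    // Hypothetical review helper: returns the Sid of every statement that
    // ALLOWs while using NotResource or NotAction (an open-ended grant).
    static List<String> broadAllows(IamPolicy policy) {
        return policy.statements().stream()
            .filter(s -> IamEffect.ALLOW.value().equals(s.effect().value()))
            .filter(s -> !s.notResources().isEmpty() || !s.notActions().isEmpty())
            .map(s -> s.sid() == null ? "<no sid>" : s.sid())
            .collect(Collectors.toList());
    }

    public static void main(String[] args) {
        String customers = "arn:aws:dynamodb:us-east-2:123456789012:table/customers";
        String books = "arn:aws:dynamodb:us-east-2:123456789012:table/books";

        // The statement from the documentation above: everything except customers.
        IamStatement broad = IamStatement.builder()
            .sid("GrantReadNotCustomers").effect(IamEffect.ALLOW)
            .addAction("dynamodb:GetItem").addNotResource(customers)
            .build();

        // Scoped alternative: allow only the table that is needed, and deny
        // the sensitive table explicitly so no other policy can grant it.
        IamStatement allowBooks = IamStatement.builder()
            .sid("GrantReadBooks").effect(IamEffect.ALLOW)
            .addAction("dynamodb:GetItem").addResource(books)
            .build();
        IamStatement denyCustomers = IamStatement.builder()
            .sid("DenyReadCustomers").effect(IamEffect.DENY)
            .addAction("dynamodb:GetItem").addResource(customers)
            .build();

        IamPolicy before = IamPolicy.builder().addStatement(broad).build();
        IamPolicy after = IamPolicy.builder()
            .addStatement(allowBooks).addStatement(denyCustomers).build();

        System.out.println("Flagged in broad policy:  " + broadAllows(before));
        System.out.println("Flagged in scoped policy: " + broadAllows(after));
        System.out.println(after.toJson(IamPolicyWriter.builder().prettyPrint(true).build()));
    }
}
```

The helper compares effect values as strings so that it also works on policies loaded with IamPolicy.fromJson(String).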
-
conditions
Description copied from interface: IamStatement.Builder
Configure the Condition element of the statement, specifying the conditions in which the statement is in effect.
This will replace any other conditions already added to the statement.

    IamCondition startTime = IamCondition.create(IamConditionOperator.DATE_GREATER_THAN,
                                                 "aws:CurrentTime",
                                                 "1988-05-21T00:00:00Z");
    IamCondition endTime = IamCondition.create(IamConditionOperator.DATE_LESS_THAN,
                                               "aws:CurrentTime",
                                               "2065-09-01T00:00:00Z");

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBooks")
        .effect(IamEffect.ALLOW)
        .addAction("dynamodb:GetItem")
        .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
        // This statement grants access between the specified start and end times:
        .conditions(Arrays.asList(startTime, endTime))
        .build();

- Specified by:
conditions in interface IamStatement.Builder
- See Also:
-
addCondition
Description copied from interface: IamStatement.Builder
Append a Condition to the statement, specifying a condition in which the statement is in effect.

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBooks")
        .effect(IamEffect.ALLOW)
        .addAction("dynamodb:GetItem")
        .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
        // This statement grants access after a specified start time:
        .addCondition(IamCondition.create(IamConditionOperator.DATE_GREATER_THAN,
                                          "aws:CurrentTime",
                                          "1988-05-21T00:00:00Z"))
        .build();

- Specified by:
addCondition in interface IamStatement.Builder
- See Also:
-
addCondition
Description copied from interface: IamStatement.Builder
Append a Condition to the statement, specifying a condition in which the statement is in effect.
This works the same as IamStatement.Builder.addCondition(IamCondition), except you do not need to specify IamCondition.builder() or build().

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBooks")
        .effect(IamEffect.ALLOW)
        .addAction("dynamodb:GetItem")
        .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
        // This statement grants access after a specified start time:
        .addCondition(c -> c.operator(IamConditionOperator.DATE_GREATER_THAN)
                            .key("aws:CurrentTime")
                            .value("1988-05-21T00:00:00Z"))
        .build();

- Specified by:
addCondition in interface IamStatement.Builder
- See Also:
-
addCondition
public IamStatement.Builder addCondition(IamConditionOperator operator, IamConditionKey key, String value)
Description copied from interface: IamStatement.Builder
Append a Condition to the statement, specifying a condition in which the statement is in effect.
This works the same as IamStatement.Builder.addCondition(IamCondition), except you do not need to specify IamCondition.create().

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBooks")
        .effect(IamEffect.ALLOW)
        .addAction("dynamodb:GetItem")
        .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
        // This statement grants access after a specified start time:
        .addCondition(IamConditionOperator.DATE_GREATER_THAN,
                      IamConditionKey.create("aws:CurrentTime"),
                      "1988-05-21T00:00:00Z")
        .build();

- Specified by:
addCondition in interface IamStatement.Builder
- See Also:
-
addCondition
Description copied from interface: IamStatement.Builder
Append a Condition to the statement, specifying a condition in which the statement is in effect.
This works the same as IamStatement.Builder.addCondition(IamCondition), except you do not need to specify IamCondition.create().

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBooks")
        .effect(IamEffect.ALLOW)
        .addAction("dynamodb:GetItem")
        .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
        // This statement grants access after a specified start time:
        .addCondition(IamConditionOperator.DATE_GREATER_THAN,
                      "aws:CurrentTime",
                      "1988-05-21T00:00:00Z")
        .build();

- Specified by:
addCondition in interface IamStatement.Builder
- See Also:
-
addCondition
Description copied from interface: IamStatement.Builder
Append a Condition to the statement, specifying a condition in which the statement is in effect.
This works the same as IamStatement.Builder.addCondition(IamCondition), except you do not need to specify IamCondition.create().

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBooks")
        .effect(IamEffect.ALLOW)
        .addAction("dynamodb:GetItem")
        .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
        // This statement grants access after a specified start time:
        .addCondition("DateGreaterThan", "aws:CurrentTime", "1988-05-21T00:00:00Z")
        .build();

- Specified by:
addCondition in interface IamStatement.Builder
- See Also:
-
addConditions
public IamStatement.Builder addConditions(IamConditionOperator operator, IamConditionKey key, Collection<String> values)
Description copied from interface: IamStatement.Builder
Append multiple Conditions to the statement, specifying conditions in which the statement is in effect.
This works the same as IamStatement.Builder.addCondition(IamConditionOperator, IamConditionKey, String) multiple times with the same operator and key, but different values.

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBooks")
        .effect(IamEffect.ALLOW)
        .addAction("dynamodb:GetItem")
        .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
        // This statement grants access only in the us-east-1 and us-west-2 regions:
        .addConditions(IamConditionOperator.STRING_EQUALS,
                       IamConditionKey.create("aws:RequestedRegion"),
                       Arrays.asList("us-east-1", "us-west-2"))
        .build();

- Specified by:
addConditions in interface IamStatement.Builder
- See Also:
-
addConditions
public IamStatement.Builder addConditions(IamConditionOperator operator, String key, Collection<String> values)
Description copied from interface: IamStatement.Builder
Append multiple Conditions to the statement, specifying conditions in which the statement is in effect.
This works the same as IamStatement.Builder.addCondition(IamConditionOperator, String, String) multiple times with the same operator and key, but different values.

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBooks")
        .effect(IamEffect.ALLOW)
        .addAction("dynamodb:GetItem")
        .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
        // This statement grants access only in the us-east-1 and us-west-2 regions:
        .addConditions(IamConditionOperator.STRING_EQUALS,
                       "aws:RequestedRegion",
                       Arrays.asList("us-east-1", "us-west-2"))
        .build();

- Specified by:
addConditions in interface IamStatement.Builder
- See Also:
-
addConditions
Description copied from interface: IamStatement.Builder
Append multiple Conditions to the statement, specifying conditions in which the statement is in effect.
This works the same as IamStatement.Builder.addCondition(String, String, String) multiple times with the same operator and key, but different values.

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBooks")
        .effect(IamEffect.ALLOW)
        .addAction("dynamodb:GetItem")
        .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
        // This statement grants access only in the us-east-1 and us-west-2 regions:
        .addConditions("StringEquals",
                       "aws:RequestedRegion",
                       Arrays.asList("us-east-1", "us-west-2"))
        .build();

- Specified by:
addConditions in interface IamStatement.Builder
- See Also:
-
build
Description copied from interface: SdkBuilder
An immutable object that is created from the properties that have been set on the builder.
- Specified by:
build in interface Buildable
- Specified by:
build in interface SdkBuilder<IamStatement.Builder,IamStatement>
- Returns:
- an instance of T
-