Interface IamStatement.Builder

- All Superinterfaces:
  Buildable, CopyableBuilder<IamStatement.Builder,IamStatement>, SdkBuilder<IamStatement.Builder,IamStatement>
- All Known Implementing Classes:
  DefaultIamStatement.Builder
- Enclosing interface:
  IamStatement

Method Summary

- actionIds(Collection<String> actions): Configure the Action element of the statement, specifying the actions that are allowed or denied.
- actions(Collection<IamAction> actions): Configure the Action element of the statement, specifying the actions that are allowed or denied.
- addAction(String): Append an Action element to this statement, specifying an action that is allowed or denied.
- addAction(IamAction): Append an Action element to this statement, specifying an action that is allowed or denied.
- addCondition(String operator, String key, String values): Append a Condition to the statement, specifying a condition in which the statement is in effect.
- addCondition(Consumer<IamCondition.Builder> condition): Append a Condition to the statement, specifying a condition in which the statement is in effect.
- addCondition(IamCondition condition): Append a Condition to the statement, specifying a condition in which the statement is in effect.
- addCondition(IamConditionOperator operator, String key, String value): Append a Condition to the statement, specifying a condition in which the statement is in effect.
- addCondition(IamConditionOperator operator, IamConditionKey key, String value): Append a Condition to the statement, specifying a condition in which the statement is in effect.
- addConditions(String operator, String key, Collection<String> values): Append multiple Conditions to the statement, specifying conditions in which the statement is in effect.
- addConditions(IamConditionOperator operator, String key, Collection<String> values): Append multiple Conditions to the statement, specifying conditions in which the statement is in effect.
- addConditions(IamConditionOperator operator, IamConditionKey key, Collection<String> values): Append multiple Conditions to the statement, specifying conditions in which the statement is in effect.
- addNotAction(String action): Append a NotAction element to this statement, specifying an action that is denied or allowed.
- addNotAction(IamAction action): Append a NotAction element to this statement, specifying an action that is denied or allowed.
- addNotPrincipal(String iamPrincipalType, String notPrincipal): Append a NotPrincipal to this statement, specifying that all principals are affected by the policy except the ones listed.
- addNotPrincipal(Consumer<IamPrincipal.Builder> notPrincipal): Append a NotPrincipal to this statement, specifying that all principals are affected by the policy except the ones listed.
- addNotPrincipal(IamPrincipal notPrincipal): Append a NotPrincipal to this statement, specifying that all principals are affected by the policy except the ones listed.
- addNotPrincipal(IamPrincipalType iamPrincipalType, String notPrincipal): Append a NotPrincipal to this statement, specifying that all principals are affected by the policy except the ones listed.
- addNotPrincipals(String iamPrincipalType, Collection<String> notPrincipals): Append multiple NotPrincipals to this statement, specifying that all principals are affected by the policy except the ones listed.
- addNotPrincipals(IamPrincipalType iamPrincipalType, Collection<String> notPrincipals): Append multiple NotPrincipals to this statement, specifying that all principals are affected by the policy except the ones listed.
- addNotResource(String resource): Append a NotResource element to the statement, specifying that the statement should apply to every resource except the ones listed.
- addNotResource(IamResource resource): Append a NotResource element to the statement, specifying that the statement should apply to every resource except the ones listed.
- addPrincipal(String iamPrincipalType, String principal): Append a Principal to this statement, specifying a principal that is allowed or denied access to a resource.
- addPrincipal(Consumer<IamPrincipal.Builder> principal): Append a Principal to this statement, specifying a principal that is allowed or denied access to a resource.
- addPrincipal(IamPrincipal principal): Append a Principal to this statement, specifying a principal that is allowed or denied access to a resource.
- addPrincipal(IamPrincipalType iamPrincipalType, String principal): Append a Principal to this statement, specifying a principal that is allowed or denied access to a resource.
- addPrincipals(String iamPrincipalType, Collection<String> principals): Append multiple Principals to this statement, specifying principals that are allowed or denied access to a resource.
- addPrincipals(IamPrincipalType iamPrincipalType, Collection<String> principals): Append multiple Principals to this statement, specifying principals that are allowed or denied access to a resource.
- addResource(String resource): Append a Resource element to the statement, specifying a resource that the statement covers.
- addResource(IamResource resource): Append a Resource element to the statement, specifying a resource that the statement covers.
- conditions(Collection<IamCondition> conditions): Configure the Condition element of the statement, specifying the conditions in which the statement is in effect.
- effect(String): Configure the Effect element of the policy, specifying whether the statement results in an allow or deny.
- effect(IamEffect): Configure the Effect element of the policy, specifying whether the statement results in an allow or deny.
- notActionIds(Collection<String> actions): Configure the NotAction element of the statement, specifying actions that are denied or allowed.
- notActions(Collection<IamAction> actions): Configure the NotAction element of the statement, specifying actions that are denied or allowed.
- notPrincipals(Collection<IamPrincipal> notPrincipals): Configure the NotPrincipal element of the statement, specifying that all principals are affected by the policy except the ones listed.
- notResourceIds(Collection<String> resources): Configure the NotResource element of the statement, specifying that the statement should apply to every resource except the ones listed.
- notResources(Collection<IamResource> resources): Configure the NotResource element of the statement, specifying that the statement should apply to every resource except the ones listed.
- principals(Collection<IamPrincipal> principals): Configure the Principal element of the statement, specifying the principals that are allowed or denied access to a resource.
- resourceIds(Collection<String> resources): Configure the Resource element of the statement, specifying the resource(s) that the statement covers.
- resources(Collection<IamResource> resources): Configure the Resource element of the statement, specifying the resource(s) that the statement covers.
- sid(String): Configure the Sid element of the policy, specifying an identifier for the statement.

Methods inherited from interface software.amazon.awssdk.utils.builder.CopyableBuilder: copy

Methods inherited from interface software.amazon.awssdk.utils.builder.SdkBuilder: applyMutation, build

Method Details

sid

Configure the Sid element of the policy, specifying an identifier for the statement.

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBookMetadata") // An identifier for the statement
        .effect(IamEffect.ALLOW)
        .addAction("dynamodb:GetItem")
        .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
        .build();

effect

Configure the Effect element of the policy, specifying whether the statement results in an allow or deny.

This value is required.

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBookMetadata")
        .effect(IamEffect.ALLOW) // The statement ALLOWS access
        .addAction("dynamodb:GetItem")
        .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
        .build();

effect

Configure the Effect element of the policy, specifying whether the statement results in an allow or deny.

This works the same as effect(IamEffect), except you do not need to use IamEffect. This value is required.

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBookMetadata")
        .effect("Allow") // The statement ALLOWs access
        .addAction("dynamodb:GetItem")
        .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
        .build();

principals

Configure the Principal element of the statement, specifying the principals that are allowed or denied access to a resource.

This will replace any other principals already added to the statement.

    List<IamPrincipal> bookReaderRoles =
        IamPrincipal.createAll("AWS",
                               Arrays.asList("arn:aws:iam::123456789012:role/books-service",
                                             "arn:aws:iam::123456789012:role/books-operator"));

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBookContent")
        .effect(IamEffect.ALLOW)
        .principals(bookReaderRoles) // This statement allows access to the books service and operators
        .addAction("s3:GetObject")
        .addResource("arn:aws:s3:us-west-2:123456789012:accesspoint/book-content/object/*")
        .build();

addPrincipal

Append a Principal to this statement, specifying a principal that is allowed or denied access to a resource.

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBookContent")
        .effect(IamEffect.ALLOW)
        // This statement allows access to the books service:
        .addPrincipal(IamPrincipal.create("AWS", "arn:aws:iam::123456789012:role/books-service"))
        .addAction("s3:GetObject")
        .addResource("arn:aws:s3:us-west-2:123456789012:accesspoint/book-content/object/*")
        .build();

addPrincipal

Append a Principal to this statement, specifying a principal that is allowed or denied access to a resource.

This works the same as addPrincipal(IamPrincipal), except you do not need to specify IamPrincipal.builder() or build().

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBookContent")
        .effect(IamEffect.ALLOW)
        // This statement allows access to the books service:
        .addPrincipal(p -> p.type("AWS").id("arn:aws:iam::123456789012:role/books-service"))
        .addAction("s3:GetObject")
        .addResource("arn:aws:s3:us-west-2:123456789012:accesspoint/book-content/object/*")
        .build();

addPrincipal

Append a Principal to this statement, specifying a principal that is allowed or denied access to a resource.

This works the same as addPrincipal(IamPrincipal), except you do not need to specify IamPrincipal.create().

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBookContent")
        .effect(IamEffect.ALLOW)
        // This statement allows access to the books service:
        .addPrincipal(IamPrincipalType.AWS, "arn:aws:iam::123456789012:role/books-service")
        .addAction("s3:GetObject")
        .addResource("arn:aws:s3:us-west-2:123456789012:accesspoint/book-content/object/*")
        .build();

addPrincipal

Append a Principal to this statement, specifying a principal that is allowed or denied access to a resource.

This works the same as addPrincipal(IamPrincipalType, String), except you do not need to specify IamPrincipalType.create().

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBookContent")
        .effect(IamEffect.ALLOW)
        // This statement allows access to the books service:
        .addPrincipal("AWS", "arn:aws:iam::123456789012:role/books-service")
        .addAction("s3:GetObject")
        .addResource("arn:aws:s3:us-west-2:123456789012:accesspoint/book-content/object/*")
        .build();

addPrincipals

IamStatement.Builder addPrincipals(IamPrincipalType iamPrincipalType, Collection<String> principals)

Append multiple Principals to this statement, specifying principals that are allowed or denied access to a resource.

This works the same as calling addPrincipal(IamPrincipalType, String) multiple times with the same IamPrincipalType.

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBookContent")
        .effect(IamEffect.ALLOW)
        // This statement allows access to the books service and operators:
        .addPrincipals(IamPrincipalType.AWS,
                       Arrays.asList("arn:aws:iam::123456789012:role/books-service",
                                     "arn:aws:iam::123456789012:role/books-operator"))
        .addAction("s3:GetObject")
        .addResource("arn:aws:s3:us-west-2:123456789012:accesspoint/book-content/object/*")
        .build();

addPrincipals

Append multiple Principals to this statement, specifying principals that are allowed or denied access to a resource.

This works the same as calling addPrincipal(String, String) multiple times with the same IamPrincipalType.

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBookContent")
        .effect(IamEffect.ALLOW)
        // This statement allows access to the books service and operators:
        .addPrincipals("AWS",
                       Arrays.asList("arn:aws:iam::123456789012:role/books-service",
                                     "arn:aws:iam::123456789012:role/books-operator"))
        .addAction("s3:GetObject")
        .addResource("arn:aws:s3:us-west-2:123456789012:accesspoint/book-content/object/*")
        .build();

notPrincipals

Configure the NotPrincipal element of the statement, specifying that all principals are affected by the policy except the ones listed.

Very few scenarios require the use of NotPrincipal. We recommend that you explore other authorization options before you decide to use NotPrincipal. NotPrincipal can only be used with IamEffect.DENY statements.

This will replace any other not-principals already added to the statement.

    List<IamPrincipal> bookReaderRoles =
        IamPrincipal.createAll("AWS",
                               Arrays.asList("arn:aws:iam::123456789012:role/books-service",
                                             "arn:aws:iam::123456789012:role/books-operator"));

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBookContent")
        .effect(IamEffect.DENY)
        // This statement denies access to everyone except the books service and operators:
        .notPrincipals(bookReaderRoles)
        .addAction("s3:GetObject")
        .addResource("arn:aws:s3:us-west-2:123456789012:accesspoint/book-content/object/*")
        .build();

addNotPrincipal

Append a NotPrincipal to this statement, specifying that all principals are affected by the policy except the ones listed.

Very few scenarios require the use of NotPrincipal. We recommend that you explore other authorization options before you decide to use NotPrincipal. NotPrincipal can only be used with IamEffect.DENY statements.

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBookContent")
        .effect(IamEffect.DENY)
        // This statement denies access to everyone except the books service:
        .addNotPrincipal(IamPrincipal.create("AWS", "arn:aws:iam::123456789012:role/books-service"))
        .addAction("s3:GetObject")
        .addResource("arn:aws:s3:us-west-2:123456789012:accesspoint/book-content/object/*")
        .build();

addNotPrincipal

Append a NotPrincipal to this statement, specifying that all principals are affected by the policy except the ones listed.

Very few scenarios require the use of NotPrincipal. We recommend that you explore other authorization options before you decide to use NotPrincipal. NotPrincipal can only be used with IamEffect.DENY statements.

This works the same as addNotPrincipal(IamPrincipal), except you do not need to specify IamPrincipal.builder() or build().

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBookContent")
        .effect(IamEffect.DENY)
        // This statement denies access to everyone except the books service:
        .addNotPrincipal(p -> p.type("AWS").id("arn:aws:iam::123456789012:role/books-service"))
        .addAction("s3:GetObject")
        .addResource("arn:aws:s3:us-west-2:123456789012:accesspoint/book-content/object/*")
        .build();

addNotPrincipal

Append a NotPrincipal to this statement, specifying that all principals are affected by the policy except the ones listed.

Very few scenarios require the use of NotPrincipal. We recommend that you explore other authorization options before you decide to use NotPrincipal. NotPrincipal can only be used with IamEffect.DENY statements.

This works the same as addNotPrincipal(IamPrincipal), except you do not need to specify IamPrincipal.create().

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBookContent")
        .effect(IamEffect.DENY)
        // This statement denies access to everyone except the books service:
        .addNotPrincipal(IamPrincipalType.AWS, "arn:aws:iam::123456789012:role/books-service")
        .addAction("s3:GetObject")
        .addResource("arn:aws:s3:us-west-2:123456789012:accesspoint/book-content/object/*")
        .build();

addNotPrincipal

Append a NotPrincipal to this statement, specifying that all principals are affected by the policy except the ones listed.

Very few scenarios require the use of NotPrincipal. We recommend that you explore other authorization options before you decide to use NotPrincipal. NotPrincipal can only be used with IamEffect.DENY statements.

This works the same as addNotPrincipal(IamPrincipalType, String), except you do not need to specify IamPrincipalType.create().

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBookContent")
        .effect(IamEffect.DENY)
        // This statement denies access to everyone except the books service:
        .addNotPrincipal("AWS", "arn:aws:iam::123456789012:role/books-service")
        .addAction("s3:GetObject")
        .addResource("arn:aws:s3:us-west-2:123456789012:accesspoint/book-content/object/*")
        .build();

addNotPrincipals

IamStatement.Builder addNotPrincipals(IamPrincipalType iamPrincipalType, Collection<String> notPrincipals)

Append multiple NotPrincipals to this statement, specifying that all principals are affected by the policy except the ones listed.

Very few scenarios require the use of NotPrincipal. We recommend that you explore other authorization options before you decide to use NotPrincipal. NotPrincipal can only be used with IamEffect.DENY statements.

This works the same as calling addNotPrincipal(IamPrincipalType, String) multiple times with the same IamPrincipalType.

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBookContent")
        .effect(IamEffect.DENY)
        // This statement denies access to everyone except the books service and operators:
        .addNotPrincipals(IamPrincipalType.AWS,
                          Arrays.asList("arn:aws:iam::123456789012:role/books-service",
                                        "arn:aws:iam::123456789012:role/books-operator"))
        .addAction("s3:GetObject")
        .addResource("arn:aws:s3:us-west-2:123456789012:accesspoint/book-content/object/*")
        .build();

addNotPrincipals

Append multiple NotPrincipals to this statement, specifying that all principals are affected by the policy except the ones listed.

Very few scenarios require the use of NotPrincipal. We recommend that you explore other authorization options before you decide to use NotPrincipal. NotPrincipal can only be used with IamEffect.DENY statements.

This works the same as calling addNotPrincipal(String, String) multiple times with the same IamPrincipalType.

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBookContent")
        .effect(IamEffect.DENY)
        // This statement denies access to everyone except the books service and operators:
        .addNotPrincipals("AWS",
                          Arrays.asList("arn:aws:iam::123456789012:role/books-service",
                                        "arn:aws:iam::123456789012:role/books-operator"))
        .addAction("s3:GetObject")
        .addResource("arn:aws:s3:us-west-2:123456789012:accesspoint/book-content/object/*")
        .build();

actions

Configure the Action element of the statement, specifying the actions that are allowed or denied.

This will replace any other actions already added to the statement.

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadWriteBookMetadata")
        .effect(IamEffect.ALLOW)
        // This statement grants access to read and write items in Amazon DynamoDB:
        .actions(Arrays.asList(IamAction.create("dynamodb:PutItem"),
                               IamAction.create("dynamodb:GetItem")))
        .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
        .build();

actionIds

Configure the Action element of the statement, specifying the actions that are allowed or denied.

This works the same as actions(Collection), except you do not need to call IamAction.create() on each action. This will replace any other actions already added to the statement.

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadWriteBookMetadata")
        .effect(IamEffect.ALLOW)
        // This statement grants access to read and write items in Amazon DynamoDB:
        .actionIds(Arrays.asList("dynamodb:PutItem", "dynamodb:GetItem"))
        .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
        .build();

addAction

Append an Action element to this statement, specifying an action that is allowed or denied.

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBookMetadata")
        .effect(IamEffect.ALLOW)
        // This statement grants access to read items in Amazon DynamoDB:
        .addAction(IamAction.create("dynamodb:GetItem"))
        .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
        .build();

addAction

Append an Action element to this statement, specifying an action that is allowed or denied.

This works the same as addAction(IamAction), except you do not need to call IamAction.create().

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBookMetadata")
        .effect(IamEffect.ALLOW)
        // This statement grants access to read items in Amazon DynamoDB:
        .addAction("dynamodb:GetItem")
        .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
        .build();

notActions

Configure the NotAction element of the statement, specifying actions that are denied or allowed.

This will replace any other not-actions already added to the statement.

    IamStatement statement = IamStatement.builder()
        .sid("GrantAllButDeleteBookMetadataTable")
        .effect(IamEffect.ALLOW)
        // This statement grants access to do ALL CURRENT AND FUTURE actions against the books table, except
        // dynamodb:DeleteTable
        .notActions(Arrays.asList(IamAction.create("dynamodb:DeleteTable")))
        .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
        .build();

notActionIds

Configure the NotAction element of the statement, specifying actions that are denied or allowed.

This works the same as notActions(Collection), except you do not need to call IamAction.create() on each action. This will replace any other not-actions already added to the statement.

    IamStatement statement = IamStatement.builder()
        .sid("GrantAllButDeleteBookMetadataTable")
        .effect(IamEffect.ALLOW)
        // This statement grants access to do ALL CURRENT AND FUTURE actions against the books table, except
        // dynamodb:DeleteTable
        .notActionIds(Arrays.asList("dynamodb:DeleteTable"))
        .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
        .build();

addNotAction

Append a NotAction element to this statement, specifying an action that is denied or allowed.

    IamStatement statement = IamStatement.builder()
        .sid("GrantAllButDeleteBookMetadataTable")
        .effect(IamEffect.ALLOW)
        // This statement grants access to do ALL CURRENT AND FUTURE actions against the books table, except
        // dynamodb:DeleteTable
        .addNotAction(IamAction.create("dynamodb:DeleteTable"))
        .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
        .build();

addNotAction

Append a NotAction element to this statement, specifying an action that is denied or allowed.

This works the same as addNotAction(IamAction), except you do not need to call IamAction.create().

    IamStatement statement = IamStatement.builder()
        .sid("GrantAllButDeleteBookMetadataTable")
        .effect(IamEffect.ALLOW)
        // This statement grants access to do ALL CURRENT AND FUTURE actions against the books table, except
        // dynamodb:DeleteTable
        .addNotAction("dynamodb:DeleteTable")
        .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
        .build();

resources

Configure the Resource element of the statement, specifying the resource(s) that the statement covers.

This will replace any other resources already added to the statement.

    List<IamResource> resources =
        Arrays.asList(IamResource.create("arn:aws:dynamodb:us-east-2:123456789012:table/books"),
                      IamResource.create("arn:aws:dynamodb:us-east-2:123456789012:table/customers"));

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBookAndCustomersMetadata")
        .effect(IamEffect.ALLOW)
        .addAction("dynamodb:GetItem")
        // This statement grants access to the books and customers tables:
        .resources(resources)
        .build();

resourceIds

Configure the Resource element of the statement, specifying the resource(s) that the statement covers.

This works the same as resources(Collection), except you do not need to call IamResource.create() on each resource. This will replace any other resources already added to the statement.

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBookAndCustomersMetadata")
        .effect(IamEffect.ALLOW)
        .addAction("dynamodb:GetItem")
        // This statement grants access to the books and customers tables:
        .resourceIds(Arrays.asList("arn:aws:dynamodb:us-east-2:123456789012:table/books",
                                   "arn:aws:dynamodb:us-east-2:123456789012:table/customers"))
        .build();

addResource

Append a Resource element to the statement, specifying a resource that the statement covers.

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBookMetadata")
        .effect(IamEffect.ALLOW)
        .addAction("dynamodb:GetItem")
        // This statement grants access to the books table:
        .addResource(IamResource.create("arn:aws:dynamodb:us-east-2:123456789012:table/books"))
        .build();

addResource

Append a Resource element to the statement, specifying a resource that the statement covers.

This works the same as addResource(IamResource), except you do not need to call IamResource.create().

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBookMetadata")
        .effect(IamEffect.ALLOW)
        .addAction("dynamodb:GetItem")
        // This statement grants access to the books table:
        .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
        .build();

notResources

Configure the NotResource element of the statement, specifying that the statement should apply to every resource except the ones listed.

This will replace any other not-resources already added to the statement.

    List<IamResource> notResources =
        Arrays.asList(IamResource.create("arn:aws:dynamodb:us-east-2:123456789012:table/customers"));

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadNotCustomers")
        .effect(IamEffect.ALLOW)
        .addAction("dynamodb:GetItem")
        // This statement grants access to EVERY CURRENT AND FUTURE RESOURCE except the customers table:
        .notResources(notResources)
        .build();

notResourceIds

Configure the NotResource element of the statement, specifying that the statement should apply to every resource except the ones listed.

This works the same as notResources(Collection), except you do not need to call IamResource.create() on each resource. This will replace any other not-resources already added to the statement.

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadNotCustomers")
        .effect(IamEffect.ALLOW)
        .addAction("dynamodb:GetItem")
        // This statement grants access to EVERY CURRENT AND FUTURE RESOURCE except the customers table:
        .notResourceIds(Arrays.asList("arn:aws:dynamodb:us-east-2:123456789012:table/customers"))
        .build();

addNotResource

Append a NotResource element to the statement, specifying that the statement should apply to every resource except the ones listed.

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadNotCustomers")
        .effect(IamEffect.ALLOW)
        .addAction("dynamodb:GetItem")
        // This statement grants access to EVERY CURRENT AND FUTURE RESOURCE except the customers table:
        .addNotResource(IamResource.create("arn:aws:dynamodb:us-east-2:123456789012:table/customers"))
        .build();

addNotResource

Append a NotResource element to the statement, specifying that the statement should apply to every resource except the ones listed.

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadNotCustomers")
        .effect(IamEffect.ALLOW)
        .addAction("dynamodb:GetItem")
        // This statement grants access to EVERY CURRENT AND FUTURE RESOURCE except the customers table:
        .addNotResource("arn:aws:dynamodb:us-east-2:123456789012:table/customers")
        .build();

conditions

Configure the Condition element of the statement, specifying the conditions in which the statement is in effect.

This will replace any other conditions already added to the statement.

    IamCondition startTime = IamCondition.create(IamConditionOperator.DATE_GREATER_THAN,
                                                 "aws:CurrentTime",
                                                 "1988-05-21T00:00:00Z");
    IamCondition endTime = IamCondition.create(IamConditionOperator.DATE_LESS_THAN,
                                               "aws:CurrentTime",
                                               "2065-09-01T00:00:00Z");

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBooks")
        .effect(IamEffect.ALLOW)
        .addAction("dynamodb:GetItem")
        .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
        // This statement grants access between the specified start and end times:
        .conditions(Arrays.asList(startTime, endTime))
        .build();

addCondition

Append a Condition to the statement, specifying a condition in which the statement is in effect.

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBooks")
        .effect(IamEffect.ALLOW)
        .addAction("dynamodb:GetItem")
        .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
        // This statement grants access after a specified start time:
        .addCondition(IamCondition.create(IamConditionOperator.DATE_GREATER_THAN,
                                          "aws:CurrentTime",
                                          "1988-05-21T00:00:00Z"))
        .build();

addCondition

Append a Condition to the statement, specifying a condition in which the statement is in effect.

This works the same as addCondition(IamCondition), except you do not need to specify IamCondition.builder() or build().

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBooks")
        .effect(IamEffect.ALLOW)
        .addAction("dynamodb:GetItem")
        .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
        // This statement grants access after a specified start time:
        .addCondition(c -> c.operator(IamConditionOperator.DATE_GREATER_THAN)
                            .key("aws:CurrentTime")
                            .value("1988-05-21T00:00:00Z"))
        .build();

addCondition

Append a Condition to the statement, specifying a condition in which the statement is in effect.

This works the same as addCondition(IamCondition), except you do not need to specify IamCondition.create().

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBooks")
        .effect(IamEffect.ALLOW)
        .addAction("dynamodb:GetItem")
        .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
        // This statement grants access after a specified start time:
        .addCondition(IamConditionOperator.DATE_GREATER_THAN,
                      IamConditionKey.create("aws:CurrentTime"),
                      "1988-05-21T00:00:00Z")
        .build();

addCondition

Append a Condition to the statement, specifying a condition in which the statement is in effect.

This works the same as addCondition(IamCondition), except you do not need to specify IamCondition.create().

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBooks")
        .effect(IamEffect.ALLOW)
        .addAction("dynamodb:GetItem")
        .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
        // This statement grants access after a specified start time:
        .addCondition(IamConditionOperator.DATE_GREATER_THAN, "aws:CurrentTime", "1988-05-21T00:00:00Z")
        .build();

addCondition

Append a Condition to the statement, specifying a condition in which the statement is in effect.

This works the same as addCondition(IamCondition), except you do not need to specify IamCondition.create().

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBooks")
        .effect(IamEffect.ALLOW)
        .addAction("dynamodb:GetItem")
        .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
        // This statement grants access after a specified start time:
        .addCondition("DateGreaterThan", "aws:CurrentTime", "1988-05-21T00:00:00Z")
        .build();

addConditions

IamStatement.Builder addConditions(IamConditionOperator operator, IamConditionKey key, Collection<String> values)

Append multiple Conditions to the statement, specifying conditions in which the statement is in effect.

This works the same as calling addCondition(IamConditionOperator, IamConditionKey, String) multiple times with the same operator and key, but different values.

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBooks")
        .effect(IamEffect.ALLOW)
        .addAction("dynamodb:GetItem")
        .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
        // This statement grants access only in the us-east-1 and us-west-2 regions:
        .addConditions(IamConditionOperator.STRING_EQUALS,
                       IamConditionKey.create("aws:RequestedRegion"),
                       Arrays.asList("us-east-1", "us-west-2"))
        .build();

addConditions

IamStatement.Builder addConditions(IamConditionOperator operator, String key, Collection<String> values)

Append multiple Conditions to the statement, specifying conditions in which the statement is in effect.

This works the same as calling addCondition(IamConditionOperator, String, String) multiple times with the same operator and key, but different values.

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBooks")
        .effect(IamEffect.ALLOW)
        .addAction("dynamodb:GetItem")
        .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
        // This statement grants access only in the us-east-1 and us-west-2 regions:
        .addConditions(IamConditionOperator.STRING_EQUALS,
                       "aws:RequestedRegion",
                       Arrays.asList("us-east-1", "us-west-2"))
        .build();

addConditions

Append multiple Conditions to the statement, specifying conditions in which the statement is in effect.

This works the same as calling addCondition(String, String, String) multiple times with the same operator and key, but different values.

    IamStatement statement = IamStatement.builder()
        .sid("GrantReadBooks")
        .effect(IamEffect.ALLOW)
        .addAction("dynamodb:GetItem")
        .addResource("arn:aws:dynamodb:us-east-2:123456789012:table/books")
        // This statement grants access only in the us-east-1 and us-west-2 regions:
        .addConditions("StringEquals", "aws:RequestedRegion", Arrays.asList("us-east-1", "us-west-2"))
        .build();

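The NotPrincipal, NotAction and NotResource entries above note that those elements invert the match (every current and future action or resource except the listed ones, and NotPrincipal only with IamEffect.DENY), and the collection setters replace anything appended earlier. The following is an added example, not code from the SDK or its documentation, that reviews built statements for both before a policy is deployed; StatementReview, reviewInverted, missingActions and the sample Sids MisusedNotPrincipal and DenyDestructiveWrites are hypothetical names, and it reads the statement back through the IamStatement getters (sid(), effect(), actions(), notActions(), notResources(), notPrincipals()), which this page does not list.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.util.stream.Collectors;
import software.amazon.awssdk.policybuilder.iam.IamAction;
import software.amazon.awssdk.policybuilder.iam.IamEffect;
import software.amazon.awssdk.policybuilder.iam.IamResource;
import software.amazon.awssdk.policybuilder.iam.IamStatement;

// Hypothetical review helper; added example, not part of the SDK.
public final class StatementReview {

    static final String BOOKS = "arn:aws:dynamodb:us-east-2:123456789012:table/books";

    /** Returns one finding per risky or invalid inverted element in the statement. */
    static List<String> reviewInverted(IamStatement s) {
        List<String> findings = new ArrayList<>();
        String sid = s.sid() == null ? "<no Sid>" : s.sid();
        boolean allow = IamEffect.ALLOW.equals(s.effect());

        // NotPrincipal can only be used with Deny statements.
        if (!s.notPrincipals().isEmpty() && !IamEffect.DENY.equals(s.effect())) {
            findings.add(sid + ": NotPrincipal is only valid with Effect Deny");
        }
        // Allow + NotAction grants everything except the listed actions, including future ones.
        if (allow && !s.notActions().isEmpty()) {
            findings.add(sid + ": Allow + NotAction grants every current and future action except "
                + s.notActions().stream().map(IamAction::value).collect(Collectors.toList()));
        }
        // Allow + NotResource applies to everything except the listed resources.
        if (allow && !s.notResources().isEmpty()) {
            findings.add(sid + ": Allow + NotResource covers every current and future resource except "
                + s.notResources().stream().map(IamResource::value).collect(Collectors.toList()));
        }
        return findings;
    }

    /** Returns the expected action ids that the built statement does not carry. */
    static List<String> missingActions(IamStatement s, Collection<String> expected) {
        List<String> present = s.actions().stream().map(IamAction::value).collect(Collectors.toList());
        return expected.stream().filter(a -> !present.contains(a)).collect(Collectors.toList());
    }

    public static void main(String[] args) {
        // Constructed sample statements, modelled on the snippets on this page.
        IamStatement allowNotAction = IamStatement.builder()
            .sid("GrantAllButDeleteBookMetadataTable")
            .effect(IamEffect.ALLOW)
            .addNotAction("dynamodb:DeleteTable")
            .addResource(BOOKS)
            .build();

        IamStatement allowNotPrincipal = IamStatement.builder()
            .sid("MisusedNotPrincipal")
            .effect(IamEffect.ALLOW) // NotPrincipal requires IamEffect.DENY
            .addNotPrincipal("AWS", "arn:aws:iam::123456789012:role/books-service")
            .addAction("s3:GetObject")
            .addResource("arn:aws:s3:us-west-2:123456789012:accesspoint/book-content/object/*")
            .build();

        // actionIds(...) after addAction(...): the collection setter replaces what was appended,
        // so this Deny statement no longer covers dynamodb:DeleteTable.
        IamStatement denyWrites = IamStatement.builder()
            .sid("DenyDestructiveWrites")
            .effect(IamEffect.DENY)
            .addAction("dynamodb:DeleteTable")
            .actionIds(Arrays.asList("dynamodb:DeleteItem"))
            .addResource(BOOKS)
            .build();

        for (IamStatement s : Arrays.asList(allowNotAction, allowNotPrincipal, denyWrites)) {
            reviewInverted(s).forEach(System.out::println);
        }
        System.out.println("DenyDestructiveWrites is missing: "
            + missingActions(denyWrites, Arrays.asList("dynamodb:DeleteTable", "dynamodb:DeleteItem")));
    }
}
```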