[英]How to create aws role with permission using java sdk?
I'm trying without success to create a role with a specific permission:我正在尝试创建具有特定权限的角色但没有成功:
This is my permission:这是我的许可:
String jsonRole = "{" +
" \"Version\": \"2012-10-17\"," +
" \"Statement\": [" +
" {" +
" \"Effect\": \"Allow\"," +
" \"Action\": [" +
" \"s3:PutObject\"," +
" \"s3:GetObject\"," +
" \"s3:GetObjectVersion\"," +
" \"s3:DeleteObject\"," +
" \"s3:DeleteObjectVersion\"" +
" ]," +
" \"Resource\": \"arn:aws:s3:::"+artifactsBucket+"/"+company.getCompanyId()+"/*\"" +
" }" +
" ]" +
"}";
and the command to create the role:以及创建角色的命令:
AmazonIdentityManagement client = AmazonIdentityManagementClientBuilder.standard().build();
CreateRoleRequest request = new CreateRoleRequest().withPath("/companies-bucket-roles/").withRoleName(company.getName()+"-"+consoleUser.getConsoleUserId());
But I don't know how to add the permission to the role.但我不知道如何为角色添加权限。 I found nothing in the documentation.
我在文档中一无所获。 Any idea?
任何想法?
Thanks in advance提前致谢
This is the complete code if you want to create a role and add policy:如果要创建角色并添加策略,这是完整的代码:
String jsonPolicyDocument = "{" +
" \"Version\": \"2012-10-17\"," +
" \"Statement\": [" +
" {" +
" \"Effect\": \"Allow\"," +
" \"Action\": [" +
" \"s3:PutObject\"," +
" \"s3:GetObject\"," +
" \"s3:GetObjectVersion\"," +
" \"s3:DeleteObject\"," +
" \"s3:DeleteObjectVersion\"" +
" ]," +
" \"Resource\": \"arn:aws:s3:::"+artifactsBucket+"/"+company.getCompanyId()+"/*\"" +
" }" +
" ]" +
"}";
String assumeRolePolicyDocument = "{" +
" \"Version\": \"2012-10-17\"," +
" \"Statement\": [" +
" {" +
" \"Effect\": \"Allow\"," +
" \"Principal\": {" +
" \"Federated\": \"cognito-identity.amazonaws.com\"" +
" }," +
" \"Action\": \"sts:AssumeRoleWithWebIdentity\"," +
" \"Condition\": {" +
" \"StringEquals\": {" +
" \"cognito-identity.amazonaws.com:aud\": \""+poolId+"\"" +
" }," +
" \"ForAnyValue:StringLike\": {" +
" \"cognito-identity.amazonaws.com:amr\": \"authenticated\"" +
" }" +
" }" +
" }" +
" ]" +
"}";
AmazonIdentityManagement client = AmazonIdentityManagementClientBuilder.standard().build();
// First create a policy
CreatePolicyRequest policyRequest = new CreatePolicyRequest()
.withPolicyName("company_" + company.getCompanyId() + "_s3bucket" + "_policy")
.withPolicyDocument(jsonPolicyDocument)
.withDescription("Policy created for the company "+company.getCompanyId()+". This policy give access to S3 bucket for this company");
CreatePolicyResult policyResponse = client.createPolicy(policyRequest);
String roleName = "company_" + company.getCompanyId() + "_role";
CreateRoleRequest request = new CreateRoleRequest()
.withPath("/"+rolesFolder+"/")
.withRoleName(roleName)
.withAssumeRolePolicyDocument(assumeRolePolicyDocument)
.withDescription("Role created for the company "+company.getCompanyId()+". This Role has for example policy for S3 bucket");
CreateRoleResult response = client.createRole(request);
// Attach the policy to the role
AttachRolePolicyRequest attachRequest = new AttachRolePolicyRequest()
.withRoleName(roleName)
.withPolicyArn(policyResponse.getPolicy().getArn());
AttachRolePolicyResult attachRolePolicyResult = client.attachRolePolicy(attachRequest);
logger.info(attachRolePolicyResult);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.