
How to create an AWS role with permission using the Java SDK?

I'm trying without success to create a role with a specific permission.

This is my permission:

    String jsonRole = "{" + 
            "    \"Version\": \"2012-10-17\"," + 
            "    \"Statement\": [" + 
            "        {" + 
            "            \"Effect\": \"Allow\"," + 
            "            \"Action\": [" + 
            "                \"s3:PutObject\"," + 
            "                \"s3:GetObject\"," + 
            "                \"s3:GetObjectVersion\"," + 
            "                \"s3:DeleteObject\"," + 
            "                \"s3:DeleteObjectVersion\"" + 
            "            ]," + 
            "            \"Resource\": \"arn:aws:s3:::"+artifactsBucket+"/"+company.getCompanyId()+"/*\"" + 
            "        }" + 
            "    ]" + 
            "}";

and the command to create the role:

    AmazonIdentityManagement client = AmazonIdentityManagementClientBuilder.standard().build();
    CreateRoleRequest request = new CreateRoleRequest()
            .withPath("/companies-bucket-roles/")
            .withRoleName(company.getName() + "-" + consoleUser.getConsoleUserId());

But I don't know how to add the permission to the role. I found nothing in the documentation. Any idea?

Thanks in advance

This is the complete code if you want to create a role and add a policy:

        // Uses the AWS SDK for Java v1 IAM client (com.amazonaws.services.identitymanagement.*)
        // and its request/result classes (com.amazonaws.services.identitymanagement.model.*).
        // artifactsBucket, company, poolId, rolesFolder and logger come from the surrounding code.
        String jsonPolicyDocument = "{" + 
                "    \"Version\": \"2012-10-17\"," + 
                "    \"Statement\": [" + 
                "        {" + 
                "            \"Effect\": \"Allow\"," + 
                "            \"Action\": [" + 
                "                \"s3:PutObject\"," + 
                "                \"s3:GetObject\"," + 
                "                \"s3:GetObjectVersion\"," + 
                "                \"s3:DeleteObject\"," + 
                "                \"s3:DeleteObjectVersion\"" + 
                "            ]," + 
                "            \"Resource\": \"arn:aws:s3:::"+artifactsBucket+"/"+company.getCompanyId()+"/*\"" + 
                "        }" + 
                "    ]" + 
                "}";

        String assumeRolePolicyDocument = "{" + 
                "  \"Version\": \"2012-10-17\"," + 
                "  \"Statement\": [" + 
                "    {" + 
                "      \"Effect\": \"Allow\"," + 
                "      \"Principal\": {" + 
                "        \"Federated\": \"cognito-identity.amazonaws.com\"" + 
                "      }," + 
                "      \"Action\": \"sts:AssumeRoleWithWebIdentity\"," + 
                "      \"Condition\": {" + 
                "        \"StringEquals\": {" + 
                "          \"cognito-identity.amazonaws.com:aud\": \""+poolId+"\"" + 
                "        }," + 
                "        \"ForAnyValue:StringLike\": {" + 
                "          \"cognito-identity.amazonaws.com:amr\": \"authenticated\"" + 
                "        }" + 
                "      }" + 
                "    }" + 
                "  ]" + 
                "}";

        AmazonIdentityManagement client = AmazonIdentityManagementClientBuilder.standard().build();
        // First create a policy
        CreatePolicyRequest policyRequest = new CreatePolicyRequest()
                .withPolicyName("company_" + company.getCompanyId() + "_s3bucket" + "_policy")
                .withPolicyDocument(jsonPolicyDocument)
                .withDescription("Policy created for the company "+company.getCompanyId()+". This policy give access to S3 bucket for this company");

        CreatePolicyResult policyResponse = client.createPolicy(policyRequest);

        String roleName = "company_" + company.getCompanyId() +  "_role";
        CreateRoleRequest request = new CreateRoleRequest()
                .withPath("/"+rolesFolder+"/")
                .withRoleName(roleName)
                .withAssumeRolePolicyDocument(assumeRolePolicyDocument)
                .withDescription("Role created for the company "+company.getCompanyId()+". This Role has for example policy for S3 bucket");
        CreateRoleResult response = client.createRole(request);

        // Attach the policy to the role
        AttachRolePolicyRequest attachRequest =  new AttachRolePolicyRequest()
                .withRoleName(roleName)
                .withPolicyArn(policyResponse.getPolicy().getArn());

        AttachRolePolicyResult attachRolePolicyResult = client.attachRolePolicy(attachRequest);

        logger.info(attachRolePolicyResult);
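Both snippets above splice `company.getCompanyId()` and `poolId` into the policy JSON by string concatenation, so a value containing a quote, a slash or a `*` would silently widen the `Resource` or the trust condition instead of failing. The following is an added example, not the asker's or answerer's code: it produces the same two documents with Jackson (which the AWS SDK for Java v1 already depends on) after allow-listing the identifiers; the class and method names are my own.

```java
import java.util.regex.Pattern;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ArrayNode;
import com.fasterxml.jackson.databind.node.ObjectNode;

public final class PolicyDocuments {
    private static final ObjectMapper MAPPER = new ObjectMapper();
    // Allow-list for interpolated values: no quotes, slashes, spaces or wildcards (* ?).
    private static final Pattern SAFE_ID = Pattern.compile("^[A-Za-z0-9][A-Za-z0-9._:-]{0,127}$");
    static String requireSafe(String name, String value) {
        if (value == null || !SAFE_ID.matcher(value).matches()) {
            throw new IllegalArgumentException(name + " is not a valid policy identifier: " + value);
        }
        return value;
    }
    // Permissions policy from the answer: object-level S3 actions on the company prefix only.
    static String permissionsPolicy(String artifactsBucket, String companyId) throws JsonProcessingException {
        requireSafe("artifactsBucket", artifactsBucket);
        requireSafe("companyId", companyId);
        ObjectNode statement = MAPPER.createObjectNode();
        statement.put("Effect", "Allow");
        ArrayNode actions = statement.putArray("Action");
        for (String a : new String[] {"s3:PutObject", "s3:GetObject", "s3:GetObjectVersion",
                                      "s3:DeleteObject", "s3:DeleteObjectVersion"}) {
            actions.add(a);
        }
        statement.put("Resource", "arn:aws:s3:::" + artifactsBucket + "/" + companyId + "/*");
        return wrap(statement);
    }
    // Trust policy from the answer: only authenticated identities of one Cognito identity pool.
    static String trustPolicy(String poolId) throws JsonProcessingException {
        requireSafe("poolId", poolId);
        ObjectNode statement = MAPPER.createObjectNode();
        statement.put("Effect", "Allow");
        statement.putObject("Principal").put("Federated", "cognito-identity.amazonaws.com");
        statement.put("Action", "sts:AssumeRoleWithWebIdentity");
        ObjectNode condition = statement.putObject("Condition");
        condition.putObject("StringEquals").put("cognito-identity.amazonaws.com:aud", poolId);
        condition.putObject("ForAnyValue:StringLike").put("cognito-identity.amazonaws.com:amr", "authenticated");
        return wrap(statement);
    }
    // Wraps one statement in a 2012-10-17 policy document and serialises it.
    private static String wrap(ObjectNode statement) throws JsonProcessingException {
        ObjectNode doc = MAPPER.createObjectNode();
        doc.put("Version", "2012-10-17");
        doc.putArray("Statement").add(statement);
        return MAPPER.writerWithDefaultPrettyPrinter().writeValueAsString(doc);
    }
}
```

Pass the returned strings to `withPolicyDocument(...)` and `withAssumeRolePolicyDocument(...)` in place of the concatenated literals; a rejected identifier then fails in your code rather than being accepted by IAM with a broader scope than intended.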
