个人中心
gpt4 book ai didi

java - 如何使用 java sdk 创建具有权限的 aws 角色?

转载 作者:行者123 更新时间:2023-12-04 15:24:13 24 4
gpt4 key购买 nike

我正在尝试创建具有特定权限的角色但没有成功:

这是我的许可:

    String jsonRole = "{" + 
            "    \"Version\": \"2012-10-17\"," + 
            "    \"Statement\": [" + 
            "        {" + 
            "            \"Effect\": \"Allow\"," + 
            "            \"Action\": [" + 
            "                \"s3:PutObject\"," + 
            "                \"s3:GetObject\"," + 
            "                \"s3:GetObjectVersion\"," + 
            "                \"s3:DeleteObject\"," + 
            "                \"s3:DeleteObjectVersion\"" + 
            "            ]," + 
            "            \"Resource\": \"arn:aws:s3:::"+artifactsBucket+"/"+company.getCompanyId()+"/*\"" + 
            "        }" + 
            "    ]" + 
            "}";

和创建角色的命令:

AmazonIdentityManagement client = AmazonIdentityManagementClientBuilder.standard().build();
CreateRoleRequest request = new CreateRoleRequest().withPath("/companies-bucket-roles/").withRoleName(company.getName()+"-"+consoleUser.getConsoleUserId());

但是我不知道如何给角色添加权限。我在文档中什么也没找到。有什么想法吗?

提前致谢

最佳答案

如果您想创建角色并添加策略,这是完整的代码:

        String jsonPolicyDocument = "{" + 
                "    \"Version\": \"2012-10-17\"," + 
                "    \"Statement\": [" + 
                "        {" + 
                "            \"Effect\": \"Allow\"," + 
                "            \"Action\": [" + 
                "                \"s3:PutObject\"," + 
                "                \"s3:GetObject\"," + 
                "                \"s3:GetObjectVersion\"," + 
                "                \"s3:DeleteObject\"," + 
                "                \"s3:DeleteObjectVersion\"" + 
                "            ]," + 
                "            \"Resource\": \"arn:aws:s3:::"+artifactsBucket+"/"+company.getCompanyId()+"/*\"" + 
                "        }" + 
                "    ]" + 
                "}";

        String assumeRolePolicyDocument = "{" + 
                "  \"Version\": \"2012-10-17\"," + 
                "  \"Statement\": [" + 
                "    {" + 
                "      \"Effect\": \"Allow\"," + 
                "      \"Principal\": {" + 
                "        \"Federated\": \"cognito-identity.amazonaws.com\"" + 
                "      }," + 
                "      \"Action\": \"sts:AssumeRoleWithWebIdentity\"," + 
                "      \"Condition\": {" + 
                "        \"StringEquals\": {" + 
                "          \"cognito-identity.amazonaws.com:aud\": \""+poolId+"\"" + 
                "        }," + 
                "        \"ForAnyValue:StringLike\": {" + 
                "          \"cognito-identity.amazonaws.com:amr\": \"authenticated\"" + 
                "        }" + 
                "      }" + 
                "    }" + 
                "  ]" + 
                "}";
        
        
        AmazonIdentityManagement client = AmazonIdentityManagementClientBuilder.standard().build();
        // First create a policy
        CreatePolicyRequest policyRequest = new CreatePolicyRequest()
                .withPolicyName("company_" + company.getCompanyId() + "_s3bucket" + "_policy")
                .withPolicyDocument(jsonPolicyDocument)
                .withDescription("Policy created for the company "+company.getCompanyId()+". This policy give access to S3 bucket for this company");

        CreatePolicyResult policyResponse = client.createPolicy(policyRequest);

        String roleName = "company_" + company.getCompanyId() +  "_role";
        CreateRoleRequest request = new CreateRoleRequest()
                .withPath("/"+rolesFolder+"/")
                .withRoleName(roleName)
                .withAssumeRolePolicyDocument(assumeRolePolicyDocument)
                .withDescription("Role created for the company "+company.getCompanyId()+". This Role has for example policy for S3 bucket");
        CreateRoleResult response = client.createRole(request);

        // Attach the policy to the role
        AttachRolePolicyRequest attachRequest =  new AttachRolePolicyRequest()
                .withRoleName(roleName)
                .withPolicyArn(policyResponse.getPolicy().getArn());

        AttachRolePolicyResult attachRolePolicyResult = client.attachRolePolicy(attachRequest);


        logger.info(attachRolePolicyResult);

关于java - 如何使用 java sdk 创建具有权限的 aws 角色?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/62645596/

24 4 0
文章推荐: python - 使用python zip函数将两个列表排序在一起
文章推荐: json.net - StringEnumConverter 用作属性但不是全局的
文章推荐: html - 两行文本的边框半径四舍五入
文章推荐: java - 为 Spring Web 客户端禁用 SSL 检查
行者123
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
全站热门文章
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com