AWS provides SDKs in multiple languages, and the AWS SDK for Java lets us use the IAM service from code so that we can customize it as needed. To access the IAM service, we need to create the AmazonIdentityManagement object as follows:
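import com.amazonaws.ClientConfiguration;
import com.amazonaws.Protocol;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.profile.ProfileCredentialsProvider;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.identitymanagement.AmazonIdentityManagement;
import com.amazonaws.services.identitymanagement.AmazonIdentityManagementClientBuilder;

AmazonIdentityManagement amazonIdentityManagement =
    AmazonIdentityManagementClientBuilder
        .standard()
        //.withClientConfiguration(getClientConfiguration())
        .withCredentials(getCredentials())
        .withRegion(Regions.US_EAST_1)
        .build();

// Proxy settings; only needed when the code runs behind a proxy server.
public ClientConfiguration getClientConfiguration() {
    return new ClientConfiguration()
        .withProxyUsername("PROXY_USERNAME")
        .withProxyPassword("PROXY_PASSWORD")
        .withProtocol(Protocol.HTTPS)
        .withProxyHost("PROXY_HOSTNAME")
        .withProxyPort(80);
}

// Loads the access key ID and secret key from the aws-bootcamp profile.
public AWSCredentialsProvider getCredentials() {
    // return new AWSStaticCredentialsProvider(new BasicAWSCredentials("ACCESS_KEY", "SECRET_KEY"));
    return new ProfileCredentialsProvider("aws-bootcamp");
}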
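When your code is executed behind a proxy server, you need to set the client configuration properties (the withClientConfiguration line, commented out above). We can use any of the credentials provider techniques to create the AWSCredentialsProvider object. Here, we have added the access key ID and secret key to the C://Users/{USER}/.aws/credentials file under the profile name aws-bootcamp. The commented-out AWSStaticCredentialsProvider alternative embeds the keys in the source code, whereas the profile-based provider keeps them out of it.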
Creating a policy
The following code creates a customer-managed policy under your AWS account:
import com.amazonaws.services.identitymanagement.model.CreatePolicyRequest;
import com.amazonaws.services.identitymanagement.model.CreatePolicyResult;

String policyName = "AmazonS3FullAccess";
String description = "S3 Full Access On my-bucket";
String policyDocument = readFromFile("PolicyDocument.json");
String policyARN =
    createPolicy(policyName, description, policyDocument);

// Creates the customer-managed policy and returns its ARN.
public String createPolicy(
        String policyName,
        String description,
        String policyDocument) {
    CreatePolicyRequest createPolicyRequest =
        new CreatePolicyRequest()
            .withPolicyName(policyName)
            .withDescription(description)
            .withPolicyDocument(policyDocument);
    CreatePolicyResult createPolicyResult =
        amazonIdentityManagement
            .createPolicy(createPolicyRequest);
    return createPolicyResult.getPolicy().getArn();
}
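The following is the policy document, PolicyDocument.json, used to create the policy. Note that the Resource names only the bucket itself, so the statement covers bucket-level actions; object-level actions such as s3:GetObject apply to object ARNs of the form arn:aws:s3:::my-bucket/*.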
{
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": [
            "s3:*"
        ],
        "Resource": "arn:aws:s3:::my-bucket"
    }]
}
Creating a policy version
The following code creates a new policy version for a specific customer-managed policy:
import com.amazonaws.services.identitymanagement.model.CreatePolicyVersionRequest;
import com.amazonaws.services.identitymanagement.model.CreatePolicyVersionResult;

String newPolicyDocument = readFromFile("NewPolicyDocument.json");
updatePolicy(policyARN, newPolicyDocument);
// ........

// Creates a new version of the policy, makes it the default, and returns its version ID.
public String updatePolicy(
        String policyARN,
        String policyDocument) {
    CreatePolicyVersionRequest createPolicyVersionRequest =
        new CreatePolicyVersionRequest()
            .withPolicyArn(policyARN)
            .withPolicyDocument(policyDocument)
            .withSetAsDefault(true);
    CreatePolicyVersionResult createPolicyVersionResult =
        amazonIdentityManagement
            .createPolicyVersion(createPolicyVersionRequest);
    return createPolicyVersionResult.getPolicyVersion().getVersionId();
}
The following is the policy document, NewPolicyDocument.json, used to create a policy version:
{
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": [
            "s3:*"
        ],
        "Resource": "arn:aws:s3:::my-bucket-2"
    }]
}
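IAM keeps at most five versions of a managed policy and never deletes the default one, so the createPolicyVersion call above fails once the limit is reached. The following added example (not code from the original page) deletes the oldest non-default version first, then creates the new default. The class name PolicyVersionRotation and the methods versionToPrune and rotate are hypothetical, and main runs the selection step on constructed sample data without calling AWS.

```java
import com.amazonaws.services.identitymanagement.AmazonIdentityManagement;
import com.amazonaws.services.identitymanagement.model.*;
import java.util.*;

// Added example; the class and method names are hypothetical.
public class PolicyVersionRotation {
    static final int MAX_VERSIONS = 5; // IAM limit per managed policy

    // Selection step: the oldest non-default version, or empty if a slot is still free.
    static Optional<String> versionToPrune(List<PolicyVersion> versions) {
        if (versions.size() < MAX_VERSIONS) {
            return Optional.empty();
        }
        return versions.stream()
                .filter(v -> !Boolean.TRUE.equals(v.getIsDefaultVersion()))
                .min(Comparator.comparing(PolicyVersion::getCreateDate))
                .map(PolicyVersion::getVersionId);
    }

    // Frees a slot if needed, then creates the new version as the default.
    static String rotate(AmazonIdentityManagement iam, String policyArn, String document) {
        List<PolicyVersion> versions = iam.listPolicyVersions(
                new ListPolicyVersionsRequest().withPolicyArn(policyArn)).getVersions();
        versionToPrune(versions).ifPresent(id -> iam.deletePolicyVersion(
                new DeletePolicyVersionRequest().withPolicyArn(policyArn).withVersionId(id)));
        return iam.createPolicyVersion(new CreatePolicyVersionRequest()
                .withPolicyArn(policyArn)
                .withPolicyDocument(document)
                .withSetAsDefault(true)).getPolicyVersion().getVersionId();
    }

    public static void main(String[] args) {
        // Constructed sample data: five versions, v3 is the current default.
        List<PolicyVersion> sample = new ArrayList<>();
        for (int i = 1; i <= 5; i++) {
            sample.add(new PolicyVersion()
                    .withVersionId("v" + i)
                    .withIsDefaultVersion(i == 3)
                    .withCreateDate(new Date(1_000_000L * i)));
        }
        System.out.println(versionToPrune(sample));
        System.out.println(versionToPrune(sample.subList(0, 4)));
    }
}
```

Because withSetAsDefault(true) changes the effective permissions of every principal the policy is attached to as soon as the call returns, keeping the previous default among the retained versions leaves a version to roll back to.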
........