-
Notifications
You must be signed in to change notification settings - Fork 5.7k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
1 changed file
with
82 additions
and
0 deletions.
There are no files selected for viewing
82 changes: 82 additions & 0 deletions
82
javav2/example_code/s3/src/main/java/com/example/s3/lockscenario/CreateObjectLockRole.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,82 @@ | ||
| // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. | ||
| // SPDX-License-Identifier: Apache-2.0 | ||
|
|
||
|
|
||
| package com.example.s3.lockscenario; | ||
|
|
||
| import software.amazon.awssdk.regions.Region; | ||
| import software.amazon.awssdk.services.iam.IamClient; | ||
| import software.amazon.awssdk.services.iam.model.CreateRoleRequest; | ||
| import software.amazon.awssdk.services.iam.model.PutRolePolicyRequest; | ||
|
|
||
| public class CreateObjectLockRole { | ||
| public static void main(String[] args) { | ||
| createLockRole(); | ||
| } | ||
|
|
||
| // snippet-start:[S3Lock.javav2.lock.role.main] | ||
| /** | ||
| * Creates an IAM role for AWS S3 Batch Operations to manage object locks. | ||
| */ | ||
| public static void createLockRole() { | ||
| final String roleName = "batch_operations-object-lock1"; | ||
|
|
||
| // Trust policy | ||
| final String trustPolicy = "{" | ||
| + "\"Version\":\"2012-10-17\"," | ||
| + "\"Statement\":[{" | ||
| + "\"Effect\":\"Allow\"," | ||
| + "\"Principal\":{" | ||
| + "\"Service\":\"batchoperations.s3.amazonaws.com\"" | ||
| + "}," | ||
| + "\"Action\":\"sts:AssumeRole\"" | ||
| + "}]" | ||
| + "}"; | ||
|
|
||
| // Permissions policy | ||
| final String bopsPermissions = "{" | ||
| + "\"Version\":\"2012-10-17\"," | ||
| + "\"Statement\":[" | ||
| + "{" | ||
| + "\"Effect\":\"Allow\"," | ||
| + "\"Action\":\"s3:GetBucketObjectLockConfiguration\"," | ||
| + "\"Resource\":\"arn:aws:s3:::amzn-s3-demo-manifest-bucket\"" | ||
| + "}," | ||
| + "{" | ||
| + "\"Effect\":\"Allow\"," | ||
| + "\"Action\":[\"s3:GetObject\",\"s3:GetObjectVersion\",\"s3:GetBucketLocation\"]," | ||
| + "\"Resource\":\"arn:aws:s3:::amzn-s3-demo-manifest-bucket/*\"" | ||
| + "}," | ||
| + "{" | ||
| + "\"Effect\":\"Allow\"," | ||
| + "\"Action\":[\"s3:PutObject\",\"s3:GetBucketLocation\"]," | ||
| + "\"Resource\":\"arn:aws:s3:::amzn-s3-demo-completion-report-bucket/*\"" | ||
| + "}" | ||
| + "]" | ||
| + "}"; | ||
|
|
||
| // Create IAM client | ||
| final IamClient iam = IamClient.builder() | ||
| .region(Region.US_WEST_2) | ||
| .build(); | ||
|
|
||
| // Create the role with the trust policy | ||
| final CreateRoleRequest createRoleRequest = CreateRoleRequest.builder() | ||
| .assumeRolePolicyDocument(trustPolicy) | ||
| .roleName(roleName) | ||
| .build(); | ||
|
|
||
| iam.createRole(createRoleRequest); | ||
|
|
||
| // Attach the permissions policy to the role | ||
| final PutRolePolicyRequest putRolePolicyRequest = PutRolePolicyRequest.builder() | ||
| .policyDocument(bopsPermissions) | ||
| .policyName("batch_operations-permissions") | ||
| .roleName(roleName) | ||
| .build(); | ||
|
|
||
| iam.putRolePolicy(putRolePolicyRequest); | ||
| System.out.println("The object lock role was created."); | ||
| } | ||
| // snippet-end:[S3Lock.javav2.lock.role.main] | ||
| } |