Class | AWS::Core::Policy |
In: | lib/aws/core/policy.rb |
Parent: | Object |
Represents an access policy for AWS operations and resources. For example:
  policy = Policy.new
  policy.allow(
    :actions => ['s3:PutObject'],
    :resources => "arn:aws:s3:::mybucket/mykey/*",
    :principals => :any
  ).where(:acl).is("public-read")

  policy.to_json # => '{ "Version":"2008-10-17", ...'

See initialize for more ways to construct a policy.
See docs.amazonwebservices.com/AmazonS3/latest/dev/AccessPolicyLanguage_UseCases_s3_a.html for example policies (in JSON).
id | [R] | [String] A unique ID for the policy. |
statements | [R] | [Array] An array of policy statements. See Statement. |
version | [R] | [String] The version of the policy language used in this policy object. |
Constructs a policy. There are a few different ways to build a policy:
  Policy.new(:statements => [
    { :effect => :allow,
      :actions => :all,
      :principals => ["abc123"],
      :resources => "mybucket/mykey" }
  ])

  Policy.from_json(policy_json_string)

  Policy.new do |policy|
    policy.allow(
      :actions => ['s3:PutObject'],
      :resources => "arn:aws:s3:::mybucket/mykey/*",
      :principals => :any
    ).where(:acl).is("public-read")
  end
Convenience method for constructing a new statement with the "Allow" effect and adding it to the policy. For example:
  policy.allow(
    :actions => [:put_object],
    :principals => :any,
    :resources => "mybucket/mykey/*"
  ).where(:acl).is("public-read")

Options: see Statement#initialize.
Returns: [ConditionBuilder]
Convenience method for constructing a new statement with the "Deny" effect and adding it to the policy. For example:
  policy.deny(
    :actions => [:put_object],
    :principals => :any,
    :resources => "mybucket/mykey/*"
  ).where(:acl).is("public-read")

Parameters: see Statement#initialize.
Returns: [ConditionBuilder]
Returns a hash representation of the policy. The following statements are equivalent:
  policy.to_h.to_json
  policy.to_json

Returns: [Hash]
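The examples above grant access to `:principals => :any` and narrow it with a `where(...)` condition. As an added example (not part of the SDK or its documentation), the following stand-alone check reads a policy in the JSON form that `policy.to_json` returns and lists every Allow statement open to any principal, noting whether a condition narrows it. The sample document is constructed, and the names `any_principal?` and `open_allow_statements` are hypothetical.

```ruby
require 'json'

# Constructed sample in the JSON policy language (not output captured from the SDK).
SAMPLE_POLICY = <<-POLICY
{
  "Version": "2008-10-17",
  "Statement": [
    { "Sid": "conditioned", "Effect": "Allow", "Principal": { "AWS": "*" },
      "Action": ["s3:PutObject"], "Resource": "arn:aws:s3:::mybucket/mykey/*",
      "Condition": { "StringEquals": { "s3:x-amz-acl": "public-read" } } },
    { "Sid": "unconditioned", "Effect": "Allow", "Principal": "*",
      "Action": "s3:*", "Resource": ["arn:aws:s3:::mybucket/*"] },
    { "Sid": "scoped", "Effect": "Allow", "Principal": { "AWS": ["abc123"] },
      "Action": "s3:GetObject", "Resource": "arn:aws:s3:::mybucket/mykey" },
    { "Sid": "deny-any", "Effect": "Deny", "Principal": { "AWS": "*" },
      "Action": "s3:DeleteObject", "Resource": "arn:aws:s3:::mybucket/*" }
  ]
}
POLICY

# True when the Principal element matches every caller: "*", {"AWS": "*"}
# or {"AWS": [..., "*", ...]}.
def any_principal?(principal)
  return true if principal == "*"
  return false unless principal.is_a?(Hash)
  principal.values.any? { |v| Array(v).include?("*") }
end

# Hypothetical helper: one finding per Allow statement that is open to any
# principal, recording whether a Condition block narrows it.
def open_allow_statements(policy_json)
  statements = JSON.parse(policy_json)["Statement"]
  statements = [statements] if statements.is_a?(Hash) # single-statement form
  Array(statements).each_with_index.map do |stmt, i|
    next unless stmt["Effect"] == "Allow" && any_principal?(stmt["Principal"])
    { :sid => stmt["Sid"] || "statement[#{i}]",
      :actions => Array(stmt["Action"]),
      :resources => Array(stmt["Resource"]),
      :conditioned => !(stmt["Condition"] || {}).empty?,
      :wildcard_action => Array(stmt["Action"]).any? { |a| a.include?("*") } }
  end.compact
end

if __FILE__ == $0
  open_allow_statements(SAMPLE_POLICY).each do |f|
    level = f[:conditioned] ? "REVIEW" : "OPEN"
    puts "#{level} #{f[:sid]}: #{f[:actions].join(',')} on #{f[:resources].join(',')}"
  end
end
```

A statement reported with `:conditioned => false` applies to every caller as written; a conditioned one still needs its condition read to confirm it restricts what was intended.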