Class AWS::Core::Policy
In: lib/aws/core/policy.rb
Parent: Object

Represents an access policy for AWS operations and resources. For example:

  policy = Policy.new do |policy|
    policy.allow(:actions => ['s3:PutObject'],
                 :resources => "arn:aws:s3:::mybucket/mykey/*",
                 :principals => :any
    ).where(:acl).is("public-read")
  end

  policy.to_json               # => '{ "Version":"2008-10-17", ...'

@see initialize More ways to construct a policy.
@see docs.amazonwebservices.com/AmazonS3/latest/dev/AccessPolicyLanguage_UseCases_s3_a.html Example policies (in JSON).

Methods

==   allow   deny   eql?   from_json   hash_without_ids   new   to_h   to_json  

Classes and Modules

Class AWS::Core::Policy::ConditionBlock
Class AWS::Core::Policy::ConditionBuilder
Class AWS::Core::Policy::OperatorBuilder
Class AWS::Core::Policy::Statement

Attributes

id  [R]  @return [String] A unique ID for the policy.
statements  [R]  @see Statement @return [Array] An array of policy statements.
version  [R]  @return [String] The version of the policy language used in this policy object.

Public Class methods

Constructs a policy from a JSON representation. @see initialize @return [Policy] Returns a Policy object constructed by parsing the passed JSON policy.

Constructs a policy. There are a few different ways to build a policy:

  • With hash arguments:
      Policy.new(:statements => [
        { :effect => :allow,
          :actions => :all,
          :principals => ["abc123"],
          :resources => "mybucket/mykey"
        }
      ])
    
  • From a JSON policy document:
      Policy.from_json(policy_json_string)
    
  • With a block:
      Policy.new do |policy|
    
        policy.allow(
          :actions => ['s3:PutObject'],
          :resources => "arn:aws:s3:::mybucket/mykey/*",
          :principals => :any
        ).where(:acl).is("public-read")
    
      end
    

Public Instance methods

@return [Boolean] Returns true if the two policies are the same.

Convenience method for constructing a new statement with the "Allow" effect and adding it to the policy. For example:

    policy.allow(:actions => [:put_object],
                 :principals => :any,
                 :resources => "mybucket/mykey/*").
      where(:acl).is("public-read")

@option (see Statement#initialize) @see Statement#initialize @return [ConditionBuilder]

Convenience method for constructing a new statement with the "Deny" effect and adding it to the policy. For example:

  policy.deny(
    :actions => [:put_object],
    :principals => :any,
    :resources => "mybucket/mykey/*"
  ).where(:acl).is("public-read")

@param (see Statement#initialize) @see Statement#initialize @return [ConditionBuilder]

eql?(other)

Alias for #==

Returns a hash representation of the policy. The following statements are equivalent:

  policy.to_h.to_json
  policy.to_json

@return [Hash]

@return [String] a JSON representation of the policy.

Protected Instance methods

Removes the ids from the policy and its statements for the purpose of comparing two policies for equivalence. @return [Hash] Returns the policy as a hash with no ids. @private
