Class AWS::Policy
In: lib/aws/policy.rb
Parent: Object

Represents an access policy for AWS operations and resources. For example: 

  policy = Policy.new do |policy|
    policy.allow(:actions => ['s3:PutObject'],
                 :resources => "arn:aws:s3:::mybucket/mykey/*",
                 :principals => :any
    ).where(:acl).is("public-read")
  end

  policy.to_json               # => '{ "Version":"2008-10-17", ...'

@see initialize More ways to construct a policy. @see docs.amazonwebservices.com/AmazonS3/latest/dev/AccessPolicyLanguage_UseCases_s3_a.html Example policies (in JSON).

Methods

==   allow   deny   eql?   from_json   hash_without_ids   new   to_h   to_json  

Classes and Modules

Class AWS::Policy::ConditionBlock
Class AWS::Policy::ConditionBuilder
Class AWS::Policy::OperatorBuilder
Class AWS::Policy::Statement

Attributes

id  [R]  @return [String] A unique ID for the policy.
statements  [R]  @see Statement @return [Array] An array of policy statements.
version  [R]  @return [String] The version of the policy language used in this 
  policy object.

Public Class methods

from_json(json)

Constructs a policy from a JSON representation. @see initialize @return [Policy] Returns a Policy object constructed by parsing 

  the passed JSON policy.
new(opts = {}) {|self| ...}

Constructs a policy. There are a few different ways to build a policy:

  • With hash arguments: 
      Policy.new(:statements => [
    { :effect => :allow,
      :actions => :all,
      :principals => ["abc123"],
      :resources => "mybucket/mykey"
    }
  ])
  • From a JSON policy document: 
      Policy.from_json(policy_json_string)
  • With a block: 
      Policy.new do |policy|

    policy.allow(
      :actions => ['s3:PutObject'],
      :resources => "arn:aws:s3:::mybucket/mykey/*",
      :principals => :any
    ).where(:acl).is("public-read")

  end

Public Instance methods

==(other)

@return [Boolean] Returns true if the two policies are the same.

allow(opts = {})

Convenience method for constructing a new statement with the "Allow" effect and adding it to the policy. For example: 

    policy.allow(:actions => [:put_object],
                 :principals => :any,
                 :resources => "mybucket/mykey/*").
      where(:acl).is("public-read")

@option (see Statement#initialize) @see Statement#initialize @return [ConditionBuilder]

deny(opts = {})

Convenience method for constructing a new statement with the "Deny" effect and adding it to the policy. For example: 

  policy.deny(
    :actions => [:put_object],
    :principals => :any,
    :resources => "mybucket/mykey/*"
  ).where(:acl).is("public-read")

@param (see Statement#initialize) @see Statement#initialize @return [ConditionBuilder]

eql?(other)

Alias for #==

to_h()

Returns a hash representation of the policy. The following statements are equivalent: 

  policy.to_h.to_json
  policy.to_json

@return [Hash]

to_json()

@return [String] a JSON representation of the policy.

Protected Instance methods

hash_without_ids()

Removes the ids from the policy and its statements for the purpose of comparing two policies for equivilence. @return [Hash] Returns the policy as a hash with no ids @private

[Validate]