Class Principal

java.lang.Object
com.amazonaws.auth.policy.Principal
public class Principal extends Object
A principal is an AWS account or AWS web serivce, which is being allowed or denied access to a resource through an access control policy. The principal is a property of the Statement object, not directly the Policy object.

The principal is A in the statement "A has permission to do B to C where D applies."

In an access control policy statement, you can set the principal to all authenticated AWS users through the AllUsers member. This is useful when you don't want to restrict access based on the identity of the requester, but instead on other identifying characteristics such as the requester's IP address.

  • Nested Class Summary

    Nested Classes
    Modifier and Type
    Class
    Description
    static enum 
    Principal.Services
    The services who have the right to do the assume the role action.
    static enum 
    Principal.WebIdentityProviders
    Web identity providers, such as Login with Amazon, Facebook, or Google.

  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final Principal
    All
    Principal instance that includes all the AWS accounts, AWS web services and web identity providers.
    static final Principal
    AllServices
    Principal instance that includes all AWS web services.
    static final Principal
    AllUsers
    Principal instance that includes all users, including anonymous users.
    static final Principal
    AllWebProviders
    Principal instance that includes all the web identity providers.

  • Constructor Summary

    Constructors
    Constructor
    Description
    Principal(Principal.Services service)
    Constructs a new principal with the specified AWS web service which is being allowed or denied access to a resource through an access control policy.
    Principal(Principal.WebIdentityProviders webIdentityProvider)
    Constructs a new principal with the specified web identity provider.
    Principal(String accountId)
    Constructs a new principal with the specified AWS account ID.
    Principal(String provider, String id)
    Constructs a new principal with the specified id and provider.
    Principal(String provider, String id, boolean stripHyphen)
    Constructs a new principal with the specified id and provider.

  • Method Summary

    Modifier and Type
    Method
    Description
    boolean
    equals(Object principal)
     
    String
    getId()
    Returns the unique ID for this principal.
    String
    getProvider()
    Returns the provider for this principal, which indicates in what group of users this principal resides.
    int
    hashCode()
     

    Methods inherited from class Object

    clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait

  • Field Details

    • AllUsers

      public static final Principal AllUsers
      Principal instance that includes all users, including anonymous users.

      This is useful when you don't want to restrict access based on the identity of the requester, but instead on other identifying characteristics such as the requester's IP address.

    • AllServices

      public static final Principal AllServices
      Principal instance that includes all AWS web services.

    • AllWebProviders

      public static final Principal AllWebProviders
      Principal instance that includes all the web identity providers.

    • All

      public static final Principal All
      Principal instance that includes all the AWS accounts, AWS web services and web identity providers.

  • Constructor Details

    • Principal

      public Principal(Principal.Services service)
      Constructs a new principal with the specified AWS web service which is being allowed or denied access to a resource through an access control policy.
      Parameters:
      service - An AWS service.

    • Principal

      public Principal(String accountId)
      Constructs a new principal with the specified AWS account ID. This method automatically strips hyphen characters found in the account Id.
      Parameters:
      accountId - An AWS account ID.

    • Principal

      public Principal(String provider, String id)
      Constructs a new principal with the specified id and provider. This method automatically strips hyphen characters found in the account ID if the provider is "AWS".

    • Principal

      public Principal(String provider, String id, boolean stripHyphen)
      Constructs a new principal with the specified id and provider. This method optionally strips hyphen characters found in the account Id.

    • Principal

      public Principal(Principal.WebIdentityProviders webIdentityProvider)
      Constructs a new principal with the specified web identity provider.
      Parameters:
      webIdentityProvider - An web identity provider.

  • Method Details

    • getProvider

      public String getProvider()
      Returns the provider for this principal, which indicates in what group of users this principal resides.
      Returns:
      The provider for this principal.

    • getId

      public String getId()
      Returns the unique ID for this principal.
      Returns:
      The unique ID for this principal.

    • hashCode

      public int hashCode()
      Overrides:
      hashCode in class Object

    • equals

      public boolean equals(Object principal)
      Overrides:
      equals in class Object