Class ConditionFactory

Namespace
Amazon.Auth.AccessControlPolicy
Assembly
AWSSDK.Core.dll

A factory for creating conditions to be used in the policy.

public static class ConditionFactory
Inheritance
ConditionFactory

Fields

CURRENT_TIME_CONDITION_KEY

Condition key for the current time.

This condition key should only be used with the ConditionFactory.DateComparisonType enum.

public const string CURRENT_TIME_CONDITION_KEY = "aws:CurrentTime"

Field Value

string

EPOCH_TIME_CONDITION_KEY

Condition key for the current time, in epoch seconds.

This condition key should only be used with the ConditionFactory.NumericComparisonType enum.

public const string EPOCH_TIME_CONDITION_KEY = "aws:EpochTime"

Field Value

string

REFERRER_CONDITION_KEY

Condition key for the referrer specified by a request.

This condition key should only be used with the ConditionFactory.StringComparisonType enum.

public const string REFERRER_CONDITION_KEY = "aws:Referer"

Field Value

string

S3_CANNED_ACL_CONDITION_KEY

Condition key for the canned ACL specified by a request.

This condition key may only be used with the ConditionFactory.StringComparisonType enum.

public const string S3_CANNED_ACL_CONDITION_KEY = "s3:x-amz-acl"

Field Value

string

S3_COPY_SOURCE_CONDITION_KEY

Condition key for the source object specified by a request to copy an object.

This condition key may only be used with the ConditionFactory.StringComparisonType enum.

public const string S3_COPY_SOURCE_CONDITION_KEY = "s3:x-amz-copy-source"

Field Value

string

S3_DELIMITER_CONDITION_KEY

Condition key for the delimiter specified by a request.

This condition key may only be used with the ConditionFactory.StringComparisonType enum.

public const string S3_DELIMITER_CONDITION_KEY = "s3:delimiter"

Field Value

string

S3_LOCATION_CONSTRAINT_CONDITION_KEY

Condition key for the location constraint specified by a request.

This condition key may only be used with the ConditionFactory.StringComparisonType enum.

public const string S3_LOCATION_CONSTRAINT_CONDITION_KEY = "s3:LocationConstraint"

Field Value

string

S3_MAX_KEYS_CONDITION_KEY

Condition key for the max keys specified by a request.

This condition key may only be used with the ConditionFactory.StringComparisonType enum.

public const string S3_MAX_KEYS_CONDITION_KEY = "s3:max-keys"

Field Value

string

S3_METADATA_DIRECTIVE_CONDITION_KEY

Condition key for the metadata directive specified by a request to copy an object.

This condition key may only be used with the ConditionFactory.StringComparisonType enum.

public const string S3_METADATA_DIRECTIVE_CONDITION_KEY = "s3:x-amz-metadata-directive"

Field Value

string

S3_PREFIX_CONDITION_KEY

Condition key for the prefix specified by a request.

This condition key may only be used with the ConditionFactory.StringComparisonType enum.

public const string S3_PREFIX_CONDITION_KEY = "s3:prefix"

Field Value

string

S3_VERSION_ID_CONDITION_KEY

Condition key for the version ID of an object version specified by a request.

This condition key may only be used with the ConditionFactory.StringComparisonType enum.

public const string S3_VERSION_ID_CONDITION_KEY = "s3:VersionId"

Field Value

string

SECURE_TRANSPORT_CONDITION_KEY

Condition key for whether or not an incoming request is using a secure transport to make the request (i.e. HTTPS instead of HTTP).

This condition key should only be used with the boolean overload of NewCondition.

public const string SECURE_TRANSPORT_CONDITION_KEY = "aws:SecureTransport"

Field Value

string

SNS_ENDPOINT_CONDITION_KEY

Condition key for the URL, e-mail address, or ARN from a Subscribe request or a previously confirmed subscription. Use with string conditions to restrict access to specific endpoints (e.g., *@mycompany.com).

This condition key may only be used with the ConditionFactory.StringComparisonType enum.

public const string SNS_ENDPOINT_CONDITION_KEY = "sns:Endpoint"

Field Value

string

SNS_PROTOCOL_CONDITION_KEY

Condition key for the protocol value from a Subscribe request or a previously confirmed subscription. Use with string conditions to restrict publication to specific delivery protocols (e.g., HTTPS).

This condition key may only be used with the ConditionFactory.StringComparisonType enum.

public const string SNS_PROTOCOL_CONDITION_KEY = "sns:Protocol"

Field Value

string

SOURCE_ACCOUNT_KEY

Condition key for the account id of the source specified in a request.

public const string SOURCE_ACCOUNT_KEY = "aws:SourceAccount"

Field Value

string

SOURCE_ARN_CONDITION_KEY

Condition key for the Amazon Resource Name (ARN) of the source specified in a request. The source ARN indicates which resource is affecting the resource listed in your policy. For example, an SNS topic is the source ARN when publishing messages from the topic to an SQS queue.

This condition key should only be used with the ConditionFactory.ArnComparisonType enum.

public const string SOURCE_ARN_CONDITION_KEY = "aws:SourceArn"

Field Value

string

SOURCE_IP_CONDITION_KEY

Condition key for the source IP from which a request originates.

This condition key should only be used with the ConditionFactory.IpAddressComparisonType enum.

public const string SOURCE_IP_CONDITION_KEY = "aws:SourceIp"

Field Value

string

USER_AGENT_CONDITION_KEY

Condition key for the user agent included in a request.

This condition key should only be used with the ConditionFactory.StringComparisonType enum.

public const string USER_AGENT_CONDITION_KEY = "aws:UserAgent"

Field Value

string

Methods

NewCannedACLCondition(string)

Constructs a new access policy condition that compares an Amazon S3 canned ACL with the canned ACL specified by an incoming request.

You can use this condition to ensure that any objects uploaded to an Amazon S3 bucket have a specific canned ACL set.

public static Condition NewCannedACLCondition(string cannedAcl)

Parameters

cannedAcl string

The Amazon S3 canned ACL to compare against.

Returns

Condition

A new access control policy condition that compares the Amazon S3 canned ACL specified in incoming requests against the value specified.

NewCondition(ArnComparisonType, string, string)

Constructs a new access control policy condition that compares ARNs (Amazon Resource Names).

public static Condition NewCondition(ConditionFactory.ArnComparisonType type, string key, string value)

Parameters

type ConditionFactory.ArnComparisonType

The type of comparison to perform.

key string

The access policy condition key specifying where to get the first ARN for the comparison

value string

The second ARN to compare against. When using ArnLike or ArnNotLike this may contain the multi-character wildcard (*) or the single-character wildcard (?).

Returns

Condition

NewCondition(DateComparisonType, DateTime)

This method is deprecated: invoking it results in non-UTC DateTimes not being marshalled correctly, so use NewConditionUtc instead. It constructs a new access policy condition that compares the current time (on the AWS servers) to the specified date.

[Obsolete("Invoking this method results in non-UTC DateTimes not being marshalled correctly. Use NewConditionUtc instead.", false)]
public static Condition NewCondition(ConditionFactory.DateComparisonType type, DateTime date)

Parameters

type ConditionFactory.DateComparisonType

The type of comparison to perform. For example, DateComparisonType.DateLessThan will cause this policy condition to evaluate to true if the current date is less than the date specified in the second argument.

date DateTime

The date to compare against.

Returns

Condition

NewCondition(IpAddressComparisonType, string)

Constructs a new access policy condition that compares the source IP address of the incoming request to an AWS service against the specified CIDR range. Whether the condition evaluates to true when the incoming source IP address is inside the CIDR range, or when it is outside it, depends on the specified IpAddressComparisonType.

public static Condition NewCondition(ConditionFactory.IpAddressComparisonType type, string ipAddressRange)

Parameters

type ConditionFactory.IpAddressComparisonType

The type of comparison to perform.

ipAddressRange string

The CIDR IP range involved in the policy condition.

Returns

Condition

NewCondition(NumericComparisonType, string, string)

Constructs a new access policy condition that compares two numbers.

public static Condition NewCondition(ConditionFactory.NumericComparisonType type, string key, string value)

Parameters

type ConditionFactory.NumericComparisonType

The type of comparison to perform.

key string

The access policy condition key specifying where to get the first number for the comparison.

value string

The second number to compare against.

Returns

Condition

NewCondition(StringComparisonType, string, string)

Constructs a new access control policy condition that compares two strings.

public static Condition NewCondition(ConditionFactory.StringComparisonType type, string key, string value)

Parameters

type ConditionFactory.StringComparisonType

The type of comparison to perform.

key string

The access policy condition key specifying where to get the first string for the comparison (ex: aws:UserAgent).

value string

The second string to compare against. When using StringComparisonType.StringLike or StringComparisonType.StringNotLike this may contain the multi-character wildcard (*) or the single-character wildcard (?).

Returns

Condition
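Worked example for NewCannedACLCondition and the NewCondition(StringComparisonType, string, string) overload. This is an added example, not code from the SDK documentation or the AWS SDK for .NET project: a bucket policy that lets a partner account upload objects only when it grants the bucket owner full control, and that explicitly denies any upload carrying a public-* canned ACL. The bucket name and account id are constructed placeholders; S3ActionIdentifiers.PutObject, the Principal(accountId) constructor, Policy.ToJson() and the StringLike enum member are SDK members not shown on this page and are assumed here.

```csharp
using System;
using Amazon.Auth.AccessControlPolicy;
using Amazon.Auth.AccessControlPolicy.ActionIdentifiers;

public static class CannedAclPolicyExample
{
    // Builds a bucket policy with one Allow and one Deny statement.
    // bucketName and partnerAccountId are caller-supplied placeholders.
    public static Policy BuildUploadPolicy(string bucketName, string partnerAccountId)
    {
        Resource objectsInBucket = new Resource($"arn:aws:s3:::{bucketName}/*");

        // Allow: the partner may write objects, but only with the
        // bucket-owner-full-control canned ACL, so objects written by another
        // account never end up unreadable by the bucket owner.
        Statement allowOwnerControlledUploads = new Statement(Statement.StatementEffect.Allow)
            .WithPrincipals(new Principal(partnerAccountId))
            .WithActionIdentifiers(S3ActionIdentifiers.PutObject)
            .WithResources(objectsInBucket)
            .WithConditions(ConditionFactory.NewCannedACLCondition("bucket-owner-full-control"));

        // Deny: no principal may set a canned ACL whose name starts with
        // "public-" (public-read, public-read-write). StringLike lets a single
        // pattern on the s3:x-amz-acl key cover both values.
        Statement denyPublicAcl = new Statement(Statement.StatementEffect.Deny)
            .WithPrincipals(new Principal("*"))
            .WithActionIdentifiers(S3ActionIdentifiers.PutObject)
            .WithResources(objectsInBucket)
            .WithConditions(ConditionFactory.NewCondition(
                ConditionFactory.StringComparisonType.StringLike,
                ConditionFactory.S3_CANNED_ACL_CONDITION_KEY,
                "public-*"));

        return new Policy("PartnerUploadPolicy")
            .WithStatements(allowOwnerControlledUploads, denyPublicAcl);
    }

    public static void Main()
    {
        // Constructed placeholder values.
        Policy policy = BuildUploadPolicy("example-ingest-bucket", "111122223333");
        Console.WriteLine(policy.ToJson());
    }
}
```

An explicit Deny wins over any Allow in IAM evaluation, so the second statement holds even if some other policy grants PutObject. Note that cannedAcl is passed through as a plain string: a misspelled ACL name yields a condition that never matches, which silently disables the Allow or, worse, the Deny, so review the rendered JSON before deploying it.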

NewCondition(string, bool)

Constructs a new access policy condition that performs a boolean comparison.

public static Condition NewCondition(string key, bool value)

Parameters

key string

The access policy condition key specifying where to get the first boolean value for the comparison (ex: aws:SecureTransport).

value bool

The boolean to compare against.

Returns

Condition

NewConditionUtc(DateComparisonType, DateTime)

Constructs a new access policy condition that compares the current time (on the AWS servers) to the specified date.

public static Condition NewConditionUtc(ConditionFactory.DateComparisonType type, DateTime date)

Parameters

type ConditionFactory.DateComparisonType

The type of comparison to perform. For example, DateComparisonType.DateLessThan will cause this policy condition to evaluate to true if the current date is less than the date specified in the second argument.

date DateTime

The date to compare against.

Returns

Condition
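Worked example for NewConditionUtc, the deprecated NewCondition(DateComparisonType, DateTime) overload and the NewCondition(NumericComparisonType, string, string) overload. This is an added example, not code from the SDK documentation or the AWS SDK for .NET project: a time-boxed read grant whose bounds are normalised to UTC before they reach the factory, plus the same expiry expressed against aws:EpochTime. The bucket name and account id are constructed placeholders; S3ActionIdentifiers.GetObject, the Principal(accountId) constructor, Policy.ToJson() and the DateGreaterThan and NumericLessThan enum members are SDK members not shown on this page and are assumed here.

```csharp
using System;
using System.Globalization;
using Amazon.Auth.AccessControlPolicy;
using Amazon.Auth.AccessControlPolicy.ActionIdentifiers;

public static class TimeBoundedAccessExample
{
    // Allows one account to read objects only inside the window (notBefore, notAfter).
    public static Policy BuildWindowedReadPolicy(
        string bucketName, string readerAccountId, DateTime notBefore, DateTime notAfter)
    {
        if (notAfter <= notBefore)
            throw new ArgumentException("notAfter must be later than notBefore.");

        // Normalise to UTC before building the conditions. This is the pitfall
        // behind the deprecated overload: a non-UTC DateTime is not marshalled
        // correctly. ToUniversalTime() treats a DateTimeKind.Unspecified value as
        // local time, so callers should build their bounds with DateTimeKind.Utc.
        DateTime notBeforeUtc = notBefore.ToUniversalTime();
        DateTime notAfterUtc = notAfter.ToUniversalTime();

        Statement window = new Statement(Statement.StatementEffect.Allow)
            .WithPrincipals(new Principal(readerAccountId))
            .WithActionIdentifiers(S3ActionIdentifiers.GetObject)
            .WithResources(new Resource($"arn:aws:s3:::{bucketName}/*"))
            .WithConditions(
                ConditionFactory.NewConditionUtc(
                    ConditionFactory.DateComparisonType.DateGreaterThan, notBeforeUtc),
                ConditionFactory.NewConditionUtc(
                    ConditionFactory.DateComparisonType.DateLessThan, notAfterUtc));

        return new Policy("WindowedReadPolicy").WithStatements(window);
    }

    // The same upper bound expressed through the numeric overload on
    // aws:EpochTime. The value is rendered as an invariant-culture decimal
    // string because NewCondition(NumericComparisonType, string, string)
    // takes its operand as a string.
    public static Condition EpochExpiryCondition(DateTime notAfter)
    {
        long epochSeconds = new DateTimeOffset(notAfter.ToUniversalTime()).ToUnixTimeSeconds();
        return ConditionFactory.NewCondition(
            ConditionFactory.NumericComparisonType.NumericLessThan,
            ConditionFactory.EPOCH_TIME_CONDITION_KEY,
            epochSeconds.ToString(CultureInfo.InvariantCulture));
    }

    public static void Main()
    {
        // Constructed placeholder values: a two-hour window starting now.
        DateTime start = DateTime.UtcNow;
        DateTime end = start.AddHours(2);
        Policy policy = BuildWindowedReadPolicy("example-export-bucket", "111122223333", start, end);
        Console.WriteLine(policy.ToJson());
        Console.WriteLine(EpochExpiryCondition(end).ConditionKey);
    }
}
```

The date conditions are evaluated against the clock on the AWS side, as the method summary says, so a policy of this shape expires without any further action from the issuer; that is the property that makes it useful for short-lived grants.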

NewEndpointCondition(string)

Constructs a new access policy condition that compares the requested endpoint used to subscribe to an Amazon SNS topic with the specified endpoint pattern. The endpoint pattern may optionally contain the multi-character wildcard (*) or the single-character wildcard (?).

For example, this condition can restrict subscriptions to a topic to email addresses in a certain domain ("*@my-company.com").

Policy policy = new Policy("MyTopicPolicy");
policy.WithStatements(new Statement(Statement.StatementEffect.Allow)
    .WithPrincipals(new Principal("*"))
    .WithActionIdentifiers(SNSActionIdentifiers.Subscribe)
    .WithResources(new Resource(myTopicArn))
    .WithConditions(ConditionFactory.NewEndpointCondition("*@my-company.com")));

public static Condition NewEndpointCondition(string endpointPattern)

Parameters

endpointPattern string

The endpoint pattern against which to compare the requested endpoint for an Amazon SNS topic subscription.

Returns

Condition

A new access control policy condition that compares the endpoint used in a request to subscribe to an Amazon SNS topic with the endpoint pattern specified.

NewIpAddressCondition(string)

Constructs a new access policy condition that compares the source IP address of the incoming request to an AWS service against the specified CIDR range. The condition evaluates to true (meaning the policy statement containing it will be applied) if the incoming source IP address is within that range.

To achieve the opposite effect (i.e. cause the condition to evaluate to true when the incoming source IP is not in the specified CIDR range), use the NewCondition(IpAddressComparisonType, string) overload and specify IpAddressComparisonType.NotIpAddress.

public static Condition NewIpAddressCondition(string ipAddressRange)

Parameters

ipAddressRange string

The CIDR IP range involved in the policy condition.

Returns

Condition

NewProtocolCondition(string)

Constructs a new AWS access control policy condition that allows an access control statement to restrict subscriptions to an Amazon SNS topic based on the protocol being used for the subscription. For example, this condition can restrict subscriptions to a topic to endpoints using HTTPS to ensure that messages are securely delivered.

public static Condition NewProtocolCondition(string protocol)

Parameters

protocol string

The protocol against which to compare the requested protocol for an Amazon SNS topic subscription.

Returns

Condition

A new access control policy condition that compares the notification protocol requested in a request to subscribe to an Amazon SNS topic with the protocol value specified.
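Worked example for NewEndpointCondition and NewProtocolCondition used together. This is an added example, not code from the SDK documentation or the AWS SDK for .NET project: a topic policy that accepts subscriptions only over HTTPS and only to endpoints under one literal host. The topic ARN and host name are constructed placeholders; Policy.ToJson() is an SDK member not shown on this page and is assumed here.

```csharp
using System;
using Amazon.Auth.AccessControlPolicy;
using Amazon.Auth.AccessControlPolicy.ActionIdentifiers;

public static class SnsSubscriptionPolicyExample
{
    // Lets any principal subscribe to the topic, but only with the HTTPS
    // protocol and only to an endpoint under endpointHost. Both conditions
    // sit in one statement and are therefore ANDed.
    public static Policy BuildSubscribePolicy(string topicArn, string endpointHost)
    {
        if (endpointHost.Contains("*") || endpointHost.Contains("?") || endpointHost.Contains("/"))
            throw new ArgumentException("endpointHost must be a literal host name.");

        // The multi-character wildcard matches any characters, "/" included, so
        // a wildcard in the host part ("https://*.example.com/*") would also
        // match URLs whose host is something else and whose path happens to
        // contain ".example.com/". Keep the host literal; wildcard only the path.
        string endpointPattern = $"https://{endpointHost}/*";

        Statement subscribe = new Statement(Statement.StatementEffect.Allow)
            .WithPrincipals(new Principal("*"))
            .WithActionIdentifiers(SNSActionIdentifiers.Subscribe)
            .WithResources(new Resource(topicArn))
            .WithConditions(
                ConditionFactory.NewProtocolCondition("https"),
                ConditionFactory.NewEndpointCondition(endpointPattern));

        return new Policy("RestrictedSubscribePolicy").WithStatements(subscribe);
    }

    public static void Main()
    {
        // Constructed placeholder values.
        Policy policy = BuildSubscribePolicy(
            "arn:aws:sns:us-east-1:111122223333:order-events",
            "hooks.example.com");
        Console.WriteLine(policy.ToJson());
    }
}
```

The protocol condition is what makes the endpoint condition meaningful: without it, an "email" or "sqs" subscription is never matched by an https:// pattern and the statement simply does not apply to it, which is why the page pairs sns:Protocol with sns:Endpoint.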

NewSecureTransportCondition()

Constructs a new access control policy condition that tests if the incoming request was sent over a secure transport (HTTPS).

public static Condition NewSecureTransportCondition()

Returns

Condition

A new access control policy condition that tests if the incoming request was sent over a secure transport (HTTPS).
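Worked example for NewSecureTransportCondition, the NewCondition(string, bool) overload, NewIpAddressCondition and the NewCondition(IpAddressComparisonType, string) overload. This is an added example, not code from the SDK documentation or the AWS SDK for .NET project: two Deny guardrails on a bucket (no plaintext transport, no requests from outside an approved CIDR) alongside an Allow that uses the convenience IP form. The bucket name, account id and CIDR are constructed placeholders (203.0.113.0/24 is a documentation range); the ActionIdentifier(string) constructor, the Principal(accountId) constructor, Policy.ToJson() and the NotIpAddress enum member are SDK members not shown on this page and are assumed here.

```csharp
using System;
using Amazon.Auth.AccessControlPolicy;

public static class BucketGuardrailsExample
{
    // Builds a bucket policy with two Deny guardrails and one scoped Allow.
    // The guardrails are Deny statements because a Deny applies no matter what
    // other policies (identity policies, other bucket statements) allow.
    public static Policy BuildGuardrailPolicy(string bucketName, string allowedCidr, string readerAccountId)
    {
        Resource bucket = new Resource($"arn:aws:s3:::{bucketName}");
        Resource objects = new Resource($"arn:aws:s3:::{bucketName}/*");
        ActionIdentifier anyS3Action = new ActionIdentifier("s3:*");

        // NewSecureTransportCondition() expresses "aws:SecureTransport is true",
        // which is the Allow-side form. The Deny side needs "is false", so it
        // uses the boolean overload with the SECURE_TRANSPORT_CONDITION_KEY field.
        Statement denyPlaintext = new Statement(Statement.StatementEffect.Deny)
            .WithPrincipals(new Principal("*"))
            .WithActionIdentifiers(anyS3Action)
            .WithResources(bucket, objects)
            .WithConditions(ConditionFactory.NewCondition(
                ConditionFactory.SECURE_TRANSPORT_CONDITION_KEY, false));

        // NewIpAddressCondition(range) only matches requests inside the range;
        // the Deny needs the opposite, which the typed overload expresses.
        Statement denyOutsideRange = new Statement(Statement.StatementEffect.Deny)
            .WithPrincipals(new Principal("*"))
            .WithActionIdentifiers(anyS3Action)
            .WithResources(bucket, objects)
            .WithConditions(ConditionFactory.NewCondition(
                ConditionFactory.IpAddressComparisonType.NotIpAddress, allowedCidr));

        // The convenience form on the Allow side: reads by one account, and
        // only from inside the approved range. Pairing it with
        // NewSecureTransportCondition() keeps the grant TLS-only even if the
        // Deny above is later removed.
        Statement allowReadsFromRange = new Statement(Statement.StatementEffect.Allow)
            .WithPrincipals(new Principal(readerAccountId))
            .WithActionIdentifiers(new ActionIdentifier("s3:GetObject"))
            .WithResources(objects)
            .WithConditions(
                ConditionFactory.NewIpAddressCondition(allowedCidr),
                ConditionFactory.NewSecureTransportCondition());

        return new Policy("BucketGuardrails")
            .WithStatements(denyPlaintext, denyOutsideRange, allowReadsFromRange);
    }

    public static void Main()
    {
        // Constructed placeholder values.
        Policy policy = BuildGuardrailPolicy("example-reports-bucket", "203.0.113.0/24", "111122223333");
        Console.WriteLine(policy.ToJson());
    }
}
```

aws:SourceIp carries the requester's public address. Requests that reach the service through a VPC endpoint, or that an AWS service issues on a principal's behalf, do not present a matching public source address, so a NotIpAddress Deny of this shape also blocks those paths unless the policy carves them out; test the rendered policy against every access path before applying it.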

NewSourceArnCondition(string)

Constructs a new access policy condition that compares the Amazon Resource Name (ARN) of the source of an AWS resource that is modifying another AWS resource with the specified pattern.

For example, the source ARN could be an Amazon SNS topic ARN that is sending messages to an Amazon SQS queue. In that case, the SNS topic ARN would be compared with the ARN pattern specified here.

The ARN pattern may optionally contain the multi-character wildcard (*) or the single-character wildcard (?). Each of the six colon-delimited components of the ARN is checked separately and each can include a wildcard.

Policy policy = new Policy("MyQueuePolicy");
policy.WithStatements(new Statement(Statement.StatementEffect.Allow)
    .WithPrincipals(new Principal("*"))
    .WithActionIdentifiers(SQSActionIdentifiers.SendMessage)
    .WithResources(new Resource(myQueueArn))
    .WithConditions(ConditionFactory.NewSourceArnCondition(myTopicArn)));

public static Condition NewSourceArnCondition(string arnPattern)

Parameters

arnPattern string

The ARN pattern against which the source ARN will be compared. Each of the six colon-delimited components of the ARN is checked separately and each can include a wildcard.

Returns

Condition

A new access control policy condition that compares the ARN of the source specified in an incoming request with the ARN pattern specified here.
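Worked example for NewSourceArnCondition, the NewCondition(ArnComparisonType, string, string) overload and the SOURCE_ACCOUNT_KEY field. This is an added example, not code from the SDK documentation or the AWS SDK for .NET project: the queue policy from the page's snippet extended with an aws:SourceAccount check, and a second helper that uses ArnLike to admit a family of topics while keeping every ARN component other than the resource name fixed. The queue ARN, topic ARN, region and account id are constructed placeholders; Policy.ToJson() and the ArnLike and StringEquals enum members are SDK members not shown on this page and are assumed here.

```csharp
using System;
using Amazon.Auth.AccessControlPolicy;
using Amazon.Auth.AccessControlPolicy.ActionIdentifiers;

public static class SourceArnPolicyExample
{
    // Queue policy: only the named topic, and only if it is owned by the
    // expected account, may deliver into the queue. Without the SourceArn and
    // SourceAccount pair, any topic in any account could push messages in
    // (the confused-deputy case the page's description alludes to).
    public static Policy BuildQueuePolicy(string queueArn, string topicArn, string topicOwnerAccountId)
    {
        Statement deliver = new Statement(Statement.StatementEffect.Allow)
            .WithPrincipals(new Principal("*"))
            .WithActionIdentifiers(SQSActionIdentifiers.SendMessage)
            .WithResources(new Resource(queueArn))
            .WithConditions(
                ConditionFactory.NewSourceArnCondition(topicArn),
                ConditionFactory.NewCondition(
                    ConditionFactory.StringComparisonType.StringEquals,
                    ConditionFactory.SOURCE_ACCOUNT_KEY,
                    topicOwnerAccountId));

        return new Policy("TopicToQueuePolicy").WithStatements(deliver);
    }

    // Variant for a family of topics. The wildcard is confined to the sixth
    // (resource) component; partition, service, region and account stay
    // literal, so a topic in another region or account cannot match.
    public static Condition TopicFamilyCondition(string region, string accountId, string topicPrefix)
    {
        if (topicPrefix.Contains("*") || topicPrefix.Contains(":"))
            throw new ArgumentException("topicPrefix must be a literal prefix without wildcards or colons.");

        string pattern = $"arn:aws:sns:{region}:{accountId}:{topicPrefix}*";
        return ConditionFactory.NewCondition(
            ConditionFactory.ArnComparisonType.ArnLike,
            ConditionFactory.SOURCE_ARN_CONDITION_KEY,
            pattern);
    }

    public static void Main()
    {
        // Constructed placeholder values.
        Policy policy = BuildQueuePolicy(
            "arn:aws:sqs:us-east-1:111122223333:order-events-queue",
            "arn:aws:sns:us-east-1:111122223333:order-events",
            "111122223333");
        Console.WriteLine(policy.ToJson());

        Condition family = TopicFamilyCondition("us-east-1", "111122223333", "order-");
        Console.WriteLine(family.ConditionKey);
    }
}
```

Because each of the six colon-delimited components is matched separately, a pattern such as "arn:aws:sns:*:*:orders" is far broader than it looks: it admits a topic of that name from any region and any account. Keep wildcards in the resource component and leave the account component literal.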