Manualshelf

User guide

ManualsBrandsAmazon ManualsComputer equipmentAWS SDK
11121314151617181920
4 logger. Enabling the DEBUG level on the apache.http.wire logger enables logging for all request
and response data.
The following log4j.properties file turns on full wire logging in Apache HttpClient 4 and should only be
turned on temporarily since it can have a significant performance impact on your application.
log4j.rootLogger=WARN, A1
log4j.appender.A1=org.apache.log4j.ConsoleAppender
log4j.appender.A1.layout=org.apache.log4j.PatternLayout
log4j.appender.A1.layout.ConversionPattern=%d [%t] %-5p %c - %m%n
# Log all HTTP content (headers, parameters, content, etc) for
# all requests and responses. Use caution with this since it can
# be very expensive to log such verbose data!
log4j.logger.org.apache.http.wire=DEBUG
Access Control Policies
AWS access control policies allow you to specify fine-grained access controls on your AWS resources.
You can allow or deny access to your AWS resources based on:
what resource is being accessed.
who is accessing the resource (i.e., the principal).
what action is being taken on the resource.
a variety of other conditions including date restrictions, IP address restrictions, etc.
Access control policies are a collection of statements. Each statement takes the form: "A has permission
to do B to C where D applies".
A is the principal
The AWS account that is making a request to access or modify one of your AWS resources.
B is the action
The way in which your AWS resource is being accessed or modified, such as sending a message
to an Amazon SQS queue, or storing an object in an Amazon S3 bucket.
C is the resource
Your AWS entity that the principal wants to access, such as an Amazon SQS queue, or an object
stored in Amazon S3.
D is the set of conditions
The optional constraints that specify when to allow or deny access for the principal to access your
resource. Many expressive conditions are available, some specific to each service. For example,
you can use date conditions to allow access to your resources only after or before a specific time.
Amazon S3 Example
The following example demonstrates a policy that allows anyone access to read all the objects in a bucket,
but restricts access to uploading objects to that bucket to two specific AWS accounts (in addition to the
bucket owner's account).
Statement allowPublicReadStatement = new Statement(Effect.Allow)
.withPrincipals(Principal.AllUsers)
.withActions(S3Actions.GetObject)
Version v1.0.0
17
AWS SDK for Java Developer Guide
Access Control Policies