Terjemahan disediakan oleh mesin penerjemah. Jika konten terjemahan yang diberikan bertentangan dengan versi bahasa Inggris aslinya, utamakan versi bahasa Inggris.
# Bekerja dengan IAM
Bagian ini memberikan contoh pemrograman AWS Identity and Access Management (IAM) dengan menggunakan AWS SDK untuk Java 2.x.
AWS Identity and Access Management (IAM) memungkinkan Anda untuk mengontrol akses ke AWS layanan dan sumber daya untuk pengguna Anda dengan aman. Dengan menggunakan IAM, Anda dapat membuat dan mengelola AWS pengguna dan grup, serta menggunakan izin untuk mengizinkan dan menolak akses mereka ke AWS sumber daya. Untuk panduan lengkap IAM, kunjungi [Panduan IAM Pengguna](https://docs.aws.amazon.com//IAM/latest/UserGuide/introduction.html).
Contoh berikut hanya mencakup kode yang diperlukan untuk mendemonstrasikan setiap teknik. [Kode contoh lengkap tersedia di GitHub](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2). Dari sana, Anda dapat mengunduh satu file sumber atau mengkloning repositori secara lokal untuk mendapatkan semua contoh untuk dibangun dan dijalankan.
**Topics**
+ [Kelola kunci IAM akses](examples-iam-access-keys.md)
+ [Kelola IAM Pengguna](examples-iam-users.md)
+ [Buat kebijakan IAM](feature-iam-policy-builder.md)
+ [Bekerja dengan IAM kebijakan](examples-iam-policies.md)
+ [Bekerja dengan sertifikat IAM server](examples-iam-server-certificates.md)
# Kelola kunci IAM akses
## Buat kunci akses
Untuk membuat kunci IAM akses, panggil `IamClient’s` `createAccessKey` metode dengan [https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/iam/model/CreateAccessKeyRequest.html](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/iam/model/CreateAccessKeyRequest.html)objek.
**catatan**
Anda harus mengatur wilayah **AWS\$1GLOBAL**agar `IamClient` panggilan berfungsi karena IAM merupakan layanan global.
**Impor**
```
import software.amazon.awssdk.services.iam.model.CreateAccessKeyRequest;
import software.amazon.awssdk.services.iam.model.CreateAccessKeyResponse;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.iam.IamClient;
import software.amazon.awssdk.services.iam.model.IamException;
```
**Kode**
```
public static String createIAMAccessKey(IamClient iam,String user) {
try {
CreateAccessKeyRequest request = CreateAccessKeyRequest.builder()
.userName(user).build();
CreateAccessKeyResponse response = iam.createAccessKey(request);
String keyId = response.accessKey().accessKeyId();
return keyId;
} catch (IamException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
return "";
}
```
Lihat [contoh lengkapnya](https://github.com/awsdocs/aws-doc-sdk-examples/blob/f807d60010caf3d14fe4cd0801b842fb8e9511ca/javav2/example_code/iam/src/main/java/com/example/iam/CreateAccessKey.java) di GitHub.
## Daftar kunci akses
Untuk membuat daftar kunci akses untuk pengguna tertentu, buat [https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/iam/model/ListAccessKeysRequest.html](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/iam/model/ListAccessKeysRequest.html)objek yang berisi nama pengguna untuk mencantumkan kunci, dan meneruskannya ke `IamClient’s` `listAccessKeys` metode.
**catatan**
Jika Anda tidak memberikan nama pengguna ke`listAccessKeys`, itu akan mencoba untuk daftar kunci akses yang terkait dengan Akun AWS yang menandatangani permintaan.
**Impor**
```
import software.amazon.awssdk.services.iam.model.AccessKeyMetadata;
import software.amazon.awssdk.services.iam.model.IamException;
import software.amazon.awssdk.services.iam.model.ListAccessKeysRequest;
import software.amazon.awssdk.services.iam.model.ListAccessKeysResponse;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.iam.IamClient;
```
**Kode**
```
public static void listKeys( IamClient iam,String userName ){
try {
boolean done = false;
String newMarker = null;
while (!done) {
ListAccessKeysResponse response;
if(newMarker == null) {
ListAccessKeysRequest request = ListAccessKeysRequest.builder()
.userName(userName).build();
response = iam.listAccessKeys(request);
} else {
ListAccessKeysRequest request = ListAccessKeysRequest.builder()
.userName(userName)
.marker(newMarker).build();
response = iam.listAccessKeys(request);
}
for (AccessKeyMetadata metadata :
response.accessKeyMetadata()) {
System.out.format("Retrieved access key %s",
metadata.accessKeyId());
}
if (!response.isTruncated()) {
done = true;
} else {
newMarker = response.marker();
}
}
} catch (IamException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
```
Hasil `listAccessKeys` paged (dengan maksimum default 100 record per panggilan). Anda dapat memanggil `isTruncated` [https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/iam/model/ListAccessKeysResponse.html](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/iam/model/ListAccessKeysResponse.html)objek yang dikembalikan untuk melihat apakah kueri mengembalikan hasil yang lebih sedikit kemudian tersedia. Jika demikian, maka panggil `marker` `ListAccessKeysResponse` dan gunakan saat membuat permintaan baru. Gunakan permintaan baru itu dalam pemanggilan berikutnya. `listAccessKeys`
Lihat [contoh lengkapnya](https://github.com/awsdocs/aws-doc-sdk-examples/blob/f807d60010caf3d14fe4cd0801b842fb8e9511ca/javav2/example_code/iam/src/main/java/com/example/iam/ListAccessKeys.java) di GitHub.
## Mengambil waktu terakhir yang digunakan kunci akses
Untuk mendapatkan waktu kunci akses terakhir digunakan, panggil `IamClient’s` `getAccessKeyLastUsed` metode dengan ID kunci akses (yang dapat diteruskan menggunakan [https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/iam/model/GetAccessKeyLastUsedRequest.html](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/iam/model/GetAccessKeyLastUsedRequest.html)objek.
Anda kemudian dapat menggunakan [https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/iam/model/GetAccessKeyLastUsedResponse.html](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/iam/model/GetAccessKeyLastUsedResponse.html)objek yang dikembalikan untuk mengambil waktu terakhir kunci yang digunakan.
**Impor**
```
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.iam.IamClient;
import software.amazon.awssdk.services.iam.model.GetAccessKeyLastUsedRequest;
import software.amazon.awssdk.services.iam.model.GetAccessKeyLastUsedResponse;
import software.amazon.awssdk.services.iam.model.IamException;
```
**Kode**
```
public static void getAccessKeyLastUsed(IamClient iam, String accessId ){
try {
GetAccessKeyLastUsedRequest request = GetAccessKeyLastUsedRequest.builder()
.accessKeyId(accessId).build();
GetAccessKeyLastUsedResponse response = iam.getAccessKeyLastUsed(request);
System.out.println("Access key was last used at: " +
response.accessKeyLastUsed().lastUsedDate());
} catch (IamException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
System.out.println("Done");
}
```
Lihat [contoh lengkapnya](https://github.com/awsdocs/aws-doc-sdk-examples/blob/f807d60010caf3d14fe4cd0801b842fb8e9511ca/javav2/example_code/iam/src/main/java/com/example/iam/AccessKeyLastUsed.java) di GitHub.
## Aktifkan atau nonaktifkan tombol akses
Anda dapat mengaktifkan atau menonaktifkan kunci akses dengan membuat [https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/iam/model/UpdateAccessKeyRequest.html](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/iam/model/UpdateAccessKeyRequest.html)objek, memberikan ID kunci akses, opsional nama pengguna, dan yang diinginkan [https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/iam/model/StatusType.html](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/iam/model/StatusType.html), lalu meneruskan objek permintaan ke metode. `IamClient’s` `updateAccessKey`
**Impor**
```
import software.amazon.awssdk.services.iam.model.IamException;
import software.amazon.awssdk.services.iam.model.StatusType;
import software.amazon.awssdk.services.iam.model.UpdateAccessKeyRequest;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.iam.IamClient;
```
**Kode**
```
public static void updateKey(IamClient iam, String username, String accessId, String status ) {
try {
if (status.toLowerCase().equalsIgnoreCase("active")) {
statusType = StatusType.ACTIVE;
} else if (status.toLowerCase().equalsIgnoreCase("inactive")) {
statusType = StatusType.INACTIVE;
} else {
statusType = StatusType.UNKNOWN_TO_SDK_VERSION;
}
UpdateAccessKeyRequest request = UpdateAccessKeyRequest.builder()
.accessKeyId(accessId)
.userName(username)
.status(statusType)
.build();
iam.updateAccessKey(request);
System.out.printf(
"Successfully updated the status of access key %s to" +
"status %s for user %s", accessId, status, username);
} catch (IamException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
```
Lihat [contoh lengkapnya](https://github.com/awsdocs/aws-doc-sdk-examples/blob/f807d60010caf3d14fe4cd0801b842fb8e9511ca/javav2/example_code/iam/src/main/java/com/example/iam/UpdateAccessKey.java) di GitHub.
## Hapus kunci akses
Untuk menghapus kunci akses secara permanen, panggil `IamClient’s` `deleteKey` metode, berikan dengan ID dan nama pengguna kunci akses yang [https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/iam/model/DeleteAccessKeyRequest.html](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/iam/model/DeleteAccessKeyRequest.html)berisi.
**catatan**
Setelah dihapus, kunci tidak dapat lagi diambil atau digunakan. Untuk menonaktifkan sementara kunci sehingga dapat diaktifkan lagi nanti, gunakan [`updateAccessKey`](#iam-access-keys-update)metode sebagai gantinya.
**Impor**
```
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.iam.IamClient;
import software.amazon.awssdk.services.iam.model.DeleteAccessKeyRequest;
import software.amazon.awssdk.services.iam.model.IamException;
```
**Kode**
```
public static void deleteKey(IamClient iam ,String username, String accessKey ) {
try {
DeleteAccessKeyRequest request = DeleteAccessKeyRequest.builder()
.accessKeyId(accessKey)
.userName(username)
.build();
iam.deleteAccessKey(request);
System.out.println("Successfully deleted access key " + accessKey +
" from user " + username);
} catch (IamException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
```
Lihat [contoh lengkapnya](https://github.com/awsdocs/aws-doc-sdk-examples/blob/f807d60010caf3d14fe4cd0801b842fb8e9511ca/javav2/example_code/iam/src/main/java/com/example/iam/DeleteAccessKey.java) di GitHub.
## Informasi lain
+ [CreateAccessKey](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateAccessKey.html)di Referensi IAM API
+ [ListAccessKeys](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAccessKeys.html)di Referensi IAM API
+ [GetAccessKeyLastUsed](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetAccessKeyLastUsed.html)di Referensi IAM API
+ [UpdateAccessKey](https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateAccessKey.html)di Referensi IAM API
+ [DeleteAccessKey](https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteAccessKey.html)di Referensi IAM API
# Kelola IAM Pengguna
## Buat Pengguna
Buat IAM pengguna baru dengan memberikan nama pengguna ke IamClient `createUser` metode menggunakan [CreateUserRequest](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/iam/model/CreateUserRequest.html)objek yang berisi nama pengguna.
**Impor**
```
import software.amazon.awssdk.core.waiters.WaiterResponse;
import software.amazon.awssdk.services.iam.model.CreateUserRequest;
import software.amazon.awssdk.services.iam.model.CreateUserResponse;
import software.amazon.awssdk.services.iam.model.IamException;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.iam.IamClient;
import software.amazon.awssdk.services.iam.waiters.IamWaiter;
import software.amazon.awssdk.services.iam.model.GetUserRequest;
import software.amazon.awssdk.services.iam.model.GetUserResponse;
```
**Kode**
```
public static String createIAMUser(IamClient iam, String username ) {
try {
// Create an IamWaiter object
IamWaiter iamWaiter = iam.waiter();
CreateUserRequest request = CreateUserRequest.builder()
.userName(username)
.build();
CreateUserResponse response = iam.createUser(request);
// Wait until the user is created
GetUserRequest userRequest = GetUserRequest.builder()
.userName(response.user().userName())
.build();
WaiterResponse waitUntilUserExists = iamWaiter.waitUntilUserExists(userRequest);
waitUntilUserExists.matched().response().ifPresent(System.out::println);
return response.user().userName();
} catch (IamException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
return "";
}
```
Lihat [contoh lengkapnya](https://github.com/awsdocs/aws-doc-sdk-examples/blob/cf25559da654a7b74bec039c0ab9397dc5951dd4/javav2/example_code/iam/src/main/java/com/example/iam/CreateUser.java) di GitHub.
## Daftar Pengguna
Untuk membuat daftar IAM pengguna untuk akun Anda, buat yang baru [ListUsersRequest](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/iam/model/ListUsersRequest.html)dan teruskan ke IamClient `listUsers` metode ini. Anda dapat mengambil daftar pengguna dengan memanggil [ListUsersResponse](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/iam/model/ListUsersResponse.html)objek `users` yang dikembalikan.
Daftar pengguna yang dikembalikan `listUsers` oleh halaman. Anda dapat memeriksa untuk melihat ada lebih banyak hasil untuk diambil dengan memanggil `isTruncated` metode objek respons. Jika kembali`true`, maka panggil `marker()` metode objek respon. Gunakan nilai penanda untuk membuat objek permintaan baru. Kemudian panggil `listUsers` metode lagi dengan permintaan baru.
**Impor**
```
import software.amazon.awssdk.services.iam.model.IamException;
import software.amazon.awssdk.services.iam.model.ListUsersRequest;
import software.amazon.awssdk.services.iam.model.ListUsersResponse;
import software.amazon.awssdk.services.iam.model.User;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.iam.IamClient;
```
**Kode**
```
public static void listAllUsers(IamClient iam ) {
try {
boolean done = false;
String newMarker = null;
while(!done) {
ListUsersResponse response;
if (newMarker == null) {
ListUsersRequest request = ListUsersRequest.builder().build();
response = iam.listUsers(request);
} else {
ListUsersRequest request = ListUsersRequest.builder()
.marker(newMarker).build();
response = iam.listUsers(request);
}
for(User user : response.users()) {
System.out.format("\n Retrieved user %s", user.userName());
}
if(!response.isTruncated()) {
done = true;
} else {
newMarker = response.marker();
}
}
} catch (IamException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
```
Lihat [contoh lengkapnya](https://github.com/awsdocs/aws-doc-sdk-examples/blob/cf25559da654a7b74bec039c0ab9397dc5951dd4/javav2/example_code/iam/src/main/java/com/example/iam/ListUsers.java) di GitHub.
## Memperbarui Pengguna
Untuk memperbarui pengguna, panggil `updateUser` metode IamClient objek, yang mengambil [UpdateUserRequest](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/iam/model/UpdateUserRequest.html)objek yang dapat Anda gunakan untuk mengubah *nama* atau *jalur* pengguna.
**Impor**
```
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.iam.IamClient;
import software.amazon.awssdk.services.iam.model.IamException;
import software.amazon.awssdk.services.iam.model.UpdateUserRequest;
```
**Kode**
```
public static void updateIAMUser(IamClient iam, String curName,String newName ) {
try {
UpdateUserRequest request = UpdateUserRequest.builder()
.userName(curName)
.newUserName(newName)
.build();
iam.updateUser(request);
System.out.printf("Successfully updated user to username %s",
newName);
} catch (IamException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
```
Lihat [contoh lengkapnya](https://github.com/awsdocs/aws-doc-sdk-examples/blob/cf25559da654a7b74bec039c0ab9397dc5951dd4/javav2/example_code/iam/src/main/java/com/example/iam/UpdateUser.java) di GitHub.
## Menghapus Pengguna
Untuk menghapus pengguna, panggil IamClient `deleteUser` permintaan dengan [UpdateUserRequest](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/iam/model/UpdateUserRequest.html)objek yang ditetapkan dengan nama pengguna untuk dihapus.
**Impor**
```
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.iam.IamClient;
import software.amazon.awssdk.services.iam.model.DeleteUserRequest;
import software.amazon.awssdk.services.iam.model.IamException;
```
**Kode**
```
public static void deleteIAMUser(IamClient iam, String userName) {
try {
DeleteUserRequest request = DeleteUserRequest.builder()
.userName(userName)
.build();
iam.deleteUser(request);
System.out.println("Successfully deleted IAM user " + userName);
} catch (IamException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
```
Lihat [contoh lengkapnya](https://github.com/awsdocs/aws-doc-sdk-examples/blob/cf25559da654a7b74bec039c0ab9397dc5951dd4/javav2/example_code/iam/src/main/java/com/example/iam/DeleteUser.java) di GitHub.
## Informasi Selengkapnya
+ [IAM Pengguna](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html) di Panduan IAM Pengguna
+ [Mengelola IAM Pengguna](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_manage.html) di Panduan IAM Pengguna
+ [CreateUser](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateUser.html)di Referensi IAM API
+ [ListUsers](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListUsers.html)di Referensi IAM API
+ [UpdateUser](https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateUser.html)di Referensi IAM API
+ [DeleteUser](https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteUser.html)di Referensi IAM API
# Buat kebijakan IAM dengan AWS SDK for Java 2.x
[API Pembuat Kebijakan IAM](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/policybuilder/iam/package-summary.html) adalah pustaka yang dapat Anda gunakan untuk membangun [kebijakan IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html) di Java dan mengunggahnya ke AWS Identity and Access Management (IAM).
Alih-alih membangun kebijakan IAM dengan merakit string JSON secara manual atau dengan membaca file, API menyediakan pendekatan berorientasi objek sisi klien untuk menghasilkan string JSON. Saat Anda membaca kebijakan IAM yang ada dalam format JSON, API mengonversinya menjadi [IamPolicy](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/policybuilder/iam/IamPolicy.html)instance untuk ditangani.
API Pembuat Kebijakan IAM tersedia dengan SDK versi 2.20.105, jadi gunakan versi tersebut atau yang lebih baru di file build Maven Anda. Nomor versi terbaru SDK [terdaftar di pusat Maven](https://central.sonatype.com/artifact/software.amazon.awssdk/iam-policy-builder).
Cuplikan berikut menunjukkan contoh blok ketergantungan untuk file Maven. `pom.xml` Ini memungkinkan Anda untuk menggunakan IAM Policy Builder API dalam proyek Anda.
```
software.amazon.awssdk
iam-policy-builder
2.27.21
```
## Buat `IamPolicy`
Bagian ini menunjukkan beberapa contoh cara membuat kebijakan dengan menggunakan IAM Policy Builder API.
Dalam setiap contoh berikut, mulailah dengan `[IamPolicy.Builder](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/policybuilder/iam/IamPolicy.Builder.html)` dan tambahkan satu atau lebih pernyataan dengan menggunakan `addStatement` metode. Mengikuti pola ini, [IamStatement.Builder](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/policybuilder/iam/IamStatement.Builder.html) memiliki metode untuk menambahkan efek, tindakan, sumber daya, dan kondisi ke pernyataan.
### Contoh: Membuat kebijakan berbasis waktu
Contoh berikut membuat kebijakan berbasis identitas yang mengizinkan tindakan Amazon DynamoDB antara dua titik waktu`GetItem`.
```
public String timeBasedPolicyExample() {
IamPolicy policy = IamPolicy.builder()
.addStatement(b -> b
.effect(IamEffect.ALLOW)
.addAction("dynamodb:GetItem")
.addResource(IamResource.ALL)
.addCondition(b1 -> b1
.operator(IamConditionOperator.DATE_GREATER_THAN)
.key("aws:CurrentTime")
.value("2020-04-01T00:00:00Z"))
.addCondition(b1 -> b1
.operator(IamConditionOperator.DATE_LESS_THAN)
.key("aws:CurrentTime")
.value("2020-06-30T23:59:59Z")))
.build();
// Use an IamPolicyWriter to write out the JSON string to a more readable format.
return policy.toJson(IamPolicyWriter.builder()
.prettyPrint(true)
.build());
}
```
#### Keluaran JSON
Pernyataan terakhir dalam contoh sebelumnya mengembalikan string JSON berikut.
Baca lebih lanjut tentang [contoh](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_aws-dates.html) ini di *Panduan AWS Identity and Access Management Pengguna*.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": {
"Effect": "Allow",
"Action": "dynamodb:GetItem",
"Resource": "*",
"Condition": {
"DateGreaterThan": {
"aws:CurrentTime": "2020-04-01T00:00:00Z"
},
"DateLessThan": {
"aws:CurrentTime": "2020-06-30T23:59:59Z"
}
}
}
}
```
------
### Contoh: Tentukan beberapa kondisi
Contoh berikut menunjukkan bagaimana Anda dapat membuat kebijakan berbasis identitas yang memungkinkan akses ke atribut DynamoDB tertentu. Kebijakan tersebut berisi dua syarat.
```
public String multipleConditionsExample() {
IamPolicy policy = IamPolicy.builder()
.addStatement(b -> b
.effect(IamEffect.ALLOW)
.addAction("dynamodb:GetItem")
.addAction("dynamodb:BatchGetItem")
.addAction("dynamodb:Query")
.addAction("dynamodb:PutItem")
.addAction("dynamodb:UpdateItem")
.addAction("dynamodb:DeleteItem")
.addAction("dynamodb:BatchWriteItem")
.addResource("arn:aws:dynamodb:*:*:table/table-name")
.addConditions(IamConditionOperator.STRING_EQUALS.addPrefix("ForAllValues:"),
"dynamodb:Attributes",
List.of("column-name1", "column-name2", "column-name3"))
.addCondition(b1 -> b1.operator(IamConditionOperator.STRING_EQUALS.addSuffix("IfExists"))
.key("dynamodb:Select")
.value("SPECIFIC_ATTRIBUTES")))
.build();
return policy.toJson(IamPolicyWriter.builder()
.prettyPrint(true).build());
}
```
#### Keluaran JSON
Pernyataan terakhir dalam contoh sebelumnya mengembalikan string JSON berikut.
Baca lebih lanjut tentang [contoh](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_dynamodb_attributes.html) ini di *Panduan AWS Identity and Access Management Pengguna*.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": {
"Effect": "Allow",
"Action": [
"dynamodb:GetItem",
"dynamodb:BatchGetItem",
"dynamodb:Query",
"dynamodb:PutItem",
"dynamodb:UpdateItem",
"dynamodb:DeleteItem",
"dynamodb:BatchWriteItem"
],
"Resource": "arn:aws:dynamodb:*:*:table/table-name",
"Condition": {
"ForAllValues:StringEquals": {
"dynamodb:Attributes": [
"column-name1",
"column-name2",
"column-name3"
]
},
"StringEqualsIfExists": {
"dynamodb:Select": "SPECIFIC_ATTRIBUTES"
}
}
}
}
```
------
### Contoh: Tentukan prinsipal
Contoh berikut menunjukkan cara membuat kebijakan berbasis sumber daya yang menolak akses ke bucket untuk semua prinsipal kecuali yang ditentukan dalam kondisi.
```
public String specifyPrincipalsExample() {
IamPolicy policy = IamPolicy.builder()
.addStatement(b -> b
.effect(IamEffect.DENY)
.addAction("s3:*")
.addPrincipal(IamPrincipal.ALL)
.addResource("arn:aws:s3:::BUCKETNAME/*")
.addResource("arn:aws:s3:::BUCKETNAME")
.addCondition(b1 -> b1
.operator(IamConditionOperator.ARN_NOT_EQUALS)
.key("aws:PrincipalArn")
.value("arn:aws:iam::444455556666:user/user-name")))
.build();
return policy.toJson(IamPolicyWriter.builder()
.prettyPrint(true).build());
}
```
#### Keluaran JSON
Pernyataan terakhir dalam contoh sebelumnya mengembalikan string JSON berikut.
Baca lebih lanjut tentang [contoh](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html#principal-anonymous) ini di *Panduan AWS Identity and Access Management Pengguna*.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement" : {
"Effect" : "Deny",
"Principal" : "*",
"Action" : "s3:*",
"Resource" : [ "arn:aws:s3:::BUCKETNAME/*", "arn:aws:s3:::BUCKETNAME" ],
"Condition" : {
"ArnNotEquals" : {
"aws:PrincipalArn" : "arn:aws:iam::444455556666:user/user-name"
}
}
}
}
```
------
### Contoh: Izinkan akses lintas akun
Contoh berikut menunjukkan cara mengizinkan orang lain Akun AWS mengunggah objek ke bucket Anda sambil mempertahankan kontrol pemilik penuh atas objek yang diunggah.
```
public String allowCrossAccountAccessExample() {
IamPolicy policy = IamPolicy.builder()
.addStatement(b -> b
.effect(IamEffect.ALLOW)
.addPrincipal(IamPrincipalType.AWS, "111122223333")
.addAction("s3:PutObject")
.addResource("arn:aws:s3:::amzn-s3-demo-bucket/*")
.addCondition(b1 -> b1
.operator(IamConditionOperator.STRING_EQUALS)
.key("s3:x-amz-acl")
.value("bucket-owner-full-control")))
.build();
return policy.toJson(IamPolicyWriter.builder()
.prettyPrint(true).build());
}
```
#### Keluaran JSON
Pernyataan terakhir dalam contoh sebelumnya mengembalikan string JSON berikut.
Baca lebih lanjut tentang [contoh](https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html#example-bucket-policies-acl-2) ini di *Panduan Pengguna Layanan Penyimpanan Sederhana Amazon*.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement" : {
"Effect" : "Allow",
"Principal" : {
"AWS" : "111122223333"
},
"Action" : "s3:PutObject",
"Resource" : "arn:aws:s3:::amzn-s3-demo-bucket/*",
"Condition" : {
"StringEquals" : {
"s3:x-amz-acl" : "bucket-owner-full-control"
}
}
}
}
```
------
## Gunakan `IamPolicy` dengan IAM
Setelah Anda membuat `IamPolicy` instance, Anda menggunakan [https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/iam/IamClient.html](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/iam/IamClient.html)untuk bekerja dengan layanan IAM.
Contoh berikut membangun kebijakan yang memungkinkan [identitas IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/id.html) untuk menulis item ke tabel DynamoDB di akun yang ditentukan dengan parameter. `accountID` Kebijakan tersebut kemudian diunggah ke IAM sebagai string JSON.
```
public String createAndUploadPolicyExample(IamClient iam, String accountID, String policyName) {
// Build the policy.
IamPolicy policy =
IamPolicy.builder() // 'version' defaults to "2012-10-17".
.addStatement(IamStatement.builder()
.effect(IamEffect.ALLOW)
.addAction("dynamodb:PutItem")
.addResource("arn:aws:dynamodb:us-east-1:" + accountID + ":table/exampleTableName")
.build())
.build();
// Upload the policy.
iam.createPolicy(r -> r.policyName(policyName).policyDocument(policy.toJson()));
return policy.toJson(IamPolicyWriter.builder().prettyPrint(true).build());
}
```
Contoh berikutnya dibangun di atas contoh sebelumnya. Kode mengunduh kebijakan dan menggunakannya sebagai dasar untuk kebijakan baru dengan menyalin dan mengubah pernyataan. Kebijakan baru kemudian diunggah.
```
public String createNewBasedOnExistingPolicyExample(IamClient iam, String accountID, String policyName, String newPolicyName) {
String policyArn = "arn:aws:iam::" + accountID + ":policy/" + policyName;
GetPolicyResponse getPolicyResponse = iam.getPolicy(r -> r.policyArn(policyArn));
String policyVersion = getPolicyResponse.policy().defaultVersionId();
GetPolicyVersionResponse getPolicyVersionResponse =
iam.getPolicyVersion(r -> r.policyArn(policyArn).versionId(policyVersion));
// Create an IamPolicy instance from the JSON string returned from IAM.
String decodedPolicy = URLDecoder.decode(getPolicyVersionResponse.policyVersion().document(), StandardCharsets.UTF_8);
IamPolicy policy = IamPolicy.fromJson(decodedPolicy);
/*
All IamPolicy components are immutable, so use the copy method that creates a new instance that
can be altered in the same method call.
Add the ability to get an item from DynamoDB as an additional action.
*/
IamStatement newStatement = policy.statements().get(0).copy(s -> s.addAction("dynamodb:GetItem"));
// Create a new statement that replaces the original statement.
IamPolicy newPolicy = policy.copy(p -> p.statements(Arrays.asList(newStatement)));
// Upload the new policy. IAM now has both policies.
iam.createPolicy(r -> r.policyName(newPolicyName)
.policyDocument(newPolicy.toJson()));
return newPolicy.toJson(IamPolicyWriter.builder().prettyPrint(true).build());
}
```
### IamClient
Contoh sebelumnya menggunakan `IamClient` argumen yang dibuat seperti yang ditunjukkan pada cuplikan berikut.
```
IamClient iam = IamClient.builder().region(Region.AWS_GLOBAL).build();
```
### Kebijakan di JSON
Contoh mengembalikan string JSON berikut.
```
First example
{
"Version": "2012-10-17",
"Statement" : {
"Effect" : "Allow",
"Action" : "dynamodb:PutItem",
"Resource" : "arn:aws:dynamodb:us-east-1:111122223333:table/exampleTableName"
}
}
Second example
{
"Version": "2012-10-17",
"Statement" : {
"Effect" : "Allow",
"Action" : [ "dynamodb:PutItem", "dynamodb:GetItem" ],
"Resource" : "arn:aws:dynamodb:us-east-1:111122223333:table/exampleTableName"
}
}
```
# Bekerja dengan IAM kebijakan
## Buat kebijakan
Untuk membuat kebijakan baru, berikan nama kebijakan dan dokumen kebijakan berformat JSON dalam metode [CreatePolicyRequest](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/iam/model/CreatePolicyRequest.html)to the's. IamClient `createPolicy`
**Impor**
```
import software.amazon.awssdk.core.waiters.WaiterResponse;
import software.amazon.awssdk.services.iam.model.CreatePolicyRequest;
import software.amazon.awssdk.services.iam.model.CreatePolicyResponse;
import software.amazon.awssdk.services.iam.model.GetPolicyRequest;
import software.amazon.awssdk.services.iam.model.GetPolicyResponse;
import software.amazon.awssdk.services.iam.model.IamException;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.iam.IamClient;
import software.amazon.awssdk.services.iam.waiters.IamWaiter;
```
**Kode**
```
public static String createIAMPolicy(IamClient iam, String policyName ) {
try {
// Create an IamWaiter object
IamWaiter iamWaiter = iam.waiter();
CreatePolicyRequest request = CreatePolicyRequest.builder()
.policyName(policyName)
.policyDocument(PolicyDocument).build();
CreatePolicyResponse response = iam.createPolicy(request);
// Wait until the policy is created
GetPolicyRequest polRequest = GetPolicyRequest.builder()
.policyArn(response.policy().arn())
.build();
WaiterResponse waitUntilPolicyExists = iamWaiter.waitUntilPolicyExists(polRequest);
waitUntilPolicyExists.matched().response().ifPresent(System.out::println);
return response.policy().arn();
} catch (IamException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
return "" ;
}
```
Lihat [contoh lengkapnya](https://github.com/awsdocs/aws-doc-sdk-examples/blob/e41bacfd5e671e7ef1a9f73e972540dc6a434664/javav2/example_code/iam/src/main/java/com/example/iam/CreatePolicy.java) di GitHub.
## Dapatkan kebijakan
Untuk mengambil kebijakan yang ada, panggil `getPolicy` metode, yang menyediakan ARN kebijakan dalam [GetPolicyRequest](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/iam/model/GetPolicyRequest.html)objek. IamClient
**Impor**
```
import software.amazon.awssdk.services.iam.model.GetPolicyRequest;
import software.amazon.awssdk.services.iam.model.GetPolicyResponse;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.iam.IamClient;
import software.amazon.awssdk.services.iam.model.IamException;
```
**Kode**
```
public static void getIAMPolicy(IamClient iam, String policyArn) {
try {
GetPolicyRequest request = GetPolicyRequest.builder()
.policyArn(policyArn).build();
GetPolicyResponse response = iam.getPolicy(request);
System.out.format("Successfully retrieved policy %s",
response.policy().policyName());
} catch (IamException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
```
Lihat [contoh lengkapnya](https://github.com/awsdocs/aws-doc-sdk-examples/blob/cf25559da654a7b74bec039c0ab9397dc5951dd4/javav2/example_code/iam/src/main/java/com/example/iam/GetPolicy.java) di GitHub.
## Lampirkan kebijakan peran
Anda dapat melampirkan kebijakan ke IAM [peran](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html) dengan memanggil `attachRolePolicy` metode, memberikannya nama peran dan kebijakan ARN di. IamClient [AttachRolePolicyRequest](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/iam/model/AttachRolePolicyRequest.html)
**Impor**
```
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.iam.IamClient;
import software.amazon.awssdk.services.iam.model.IamException;
import software.amazon.awssdk.services.iam.model.AttachRolePolicyRequest;
import software.amazon.awssdk.services.iam.model.AttachedPolicy;
import software.amazon.awssdk.services.iam.model.ListAttachedRolePoliciesRequest;
import software.amazon.awssdk.services.iam.model.ListAttachedRolePoliciesResponse;
import java.util.List;
```
**Kode**
```
public static void attachIAMRolePolicy(IamClient iam, String roleName, String policyArn ) {
try {
ListAttachedRolePoliciesRequest request = ListAttachedRolePoliciesRequest.builder()
.roleName(roleName)
.build();
ListAttachedRolePoliciesResponse response = iam.listAttachedRolePolicies(request);
List attachedPolicies = response.attachedPolicies();
// Ensure that the policy is not attached to this role
String polArn = "";
for (AttachedPolicy policy: attachedPolicies) {
polArn = policy.policyArn();
if (polArn.compareTo(policyArn)==0) {
System.out.println(roleName +
" policy is already attached to this role.");
return;
}
}
AttachRolePolicyRequest attachRequest =
AttachRolePolicyRequest.builder()
.roleName(roleName)
.policyArn(policyArn)
.build();
iam.attachRolePolicy(attachRequest);
System.out.println("Successfully attached policy " + policyArn +
" to role " + roleName);
} catch (IamException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
System.out.println("Done");
}
```
Lihat [contoh lengkapnya](https://github.com/awsdocs/aws-doc-sdk-examples/blob/cf25559da654a7b74bec039c0ab9397dc5951dd4/javav2/example_code/iam/src/main/java/com/example/iam/AttachRolePolicy.java) di GitHub.
## Daftar kebijakan peran terlampir
Buat daftar kebijakan terlampir pada peran dengan memanggil `listAttachedRolePolicies` metode ini. IamClient Dibutuhkan [ListAttachedRolePoliciesRequest](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/iam/model/ListAttachedRolePoliciesRequest.html)objek yang berisi nama peran untuk mencantumkan kebijakan.
Panggil `getAttachedPolicies` [ListAttachedRolePoliciesResponse](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/iam/model/ListAttachedRolePoliciesResponse.html)objek yang dikembalikan untuk mendapatkan daftar kebijakan terlampir. Hasil dapat terpotong; jika `isTruncated` metode `ListAttachedRolePoliciesResponse` objek kembali`true`, panggil metode `ListAttachedRolePoliciesResponse` objek. `marker` Gunakan penanda yang dikembalikan untuk membuat permintaan baru dan menggunakannya untuk memanggil `listAttachedRolePolicies` lagi untuk mendapatkan kumpulan hasil berikutnya.
**Impor**
```
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.iam.IamClient;
import software.amazon.awssdk.services.iam.model.IamException;
import software.amazon.awssdk.services.iam.model.AttachRolePolicyRequest;
import software.amazon.awssdk.services.iam.model.AttachedPolicy;
import software.amazon.awssdk.services.iam.model.ListAttachedRolePoliciesRequest;
import software.amazon.awssdk.services.iam.model.ListAttachedRolePoliciesResponse;
import java.util.List;
```
**Kode**
```
public static void attachIAMRolePolicy(IamClient iam, String roleName, String policyArn ) {
try {
ListAttachedRolePoliciesRequest request = ListAttachedRolePoliciesRequest.builder()
.roleName(roleName)
.build();
ListAttachedRolePoliciesResponse response = iam.listAttachedRolePolicies(request);
List attachedPolicies = response.attachedPolicies();
// Ensure that the policy is not attached to this role
String polArn = "";
for (AttachedPolicy policy: attachedPolicies) {
polArn = policy.policyArn();
if (polArn.compareTo(policyArn)==0) {
System.out.println(roleName +
" policy is already attached to this role.");
return;
}
}
AttachRolePolicyRequest attachRequest =
AttachRolePolicyRequest.builder()
.roleName(roleName)
.policyArn(policyArn)
.build();
iam.attachRolePolicy(attachRequest);
System.out.println("Successfully attached policy " + policyArn +
" to role " + roleName);
} catch (IamException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
System.out.println("Done");
}
```
Lihat [contoh lengkapnya](https://github.com/awsdocs/aws-doc-sdk-examples/blob/cf25559da654a7b74bec039c0ab9397dc5951dd4/javav2/example_code/iam/src/main/java/com/example/iam/AttachRolePolicy.java) di GitHub.
## Lepaskan kebijakan peran
Untuk melepaskan kebijakan dari peran, panggil `detachRolePolicy` metode IamClient ini, berikan nama peran dan kebijakan ARN dalam file. [DetachRolePolicyRequest](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/iam/model/DetachRolePolicyRequest.html)
**Impor**
```
import software.amazon.awssdk.services.iam.model.DetachRolePolicyRequest;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.iam.IamClient;
import software.amazon.awssdk.services.iam.model.IamException;
```
**Kode**
```
public static void detachPolicy(IamClient iam, String roleName, String policyArn ) {
try {
DetachRolePolicyRequest request = DetachRolePolicyRequest.builder()
.roleName(roleName)
.policyArn(policyArn)
.build();
iam.detachRolePolicy(request);
System.out.println("Successfully detached policy " + policyArn +
" from role " + roleName);
} catch (IamException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
```
Lihat [contoh lengkapnya](https://github.com/awsdocs/aws-doc-sdk-examples/blob/cf25559da654a7b74bec039c0ab9397dc5951dd4/javav2/example_code/iam/src/main/java/com/example/iam/DetachRolePolicy.java) di GitHub.
## Informasi lain
+ [Ikhtisar IAM Kebijakan](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html) dalam Panduan IAM Pengguna.
+ [AWS Referensi Kebijakan IAM](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html) dalam Panduan IAM Pengguna.
+ [CreatePolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreatePolicy.html)di Referensi IAM API
+ [GetPolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetPolicy.html)di Referensi IAM API
+ [AttachRolePolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_AttachRolePolicy.html)di Referensi IAM API
+ [ListAttachedRolePolicies](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListAttachedRolePolicies.html)di Referensi IAM API
+ [DetachRolePolicy](https://docs.aws.amazon.com/IAM/latest/APIReference/API_DetachRolePolicy.html)di Referensi IAM API
# Bekerja dengan sertifikat IAM server
Untuk mengaktifkan koneksi HTTPS ke situs web atau aplikasi Anda AWS, Anda memerlukan *sertifikat SSL/TLS server*. Anda dapat menggunakan sertifikat server yang disediakan oleh AWS Certificate Manager atau yang Anda peroleh dari penyedia eksternal.
Sebaiknya gunakan ACM untuk menyediakan, mengelola, dan menyebarkan sertifikat server Anda. Dengan ACM Anda dapat meminta sertifikat, menyebarkannya ke AWS sumber daya Anda, dan membiarkan ACM menangani perpanjangan sertifikat untuk Anda. Sertifikat yang ACM disediakan oleh gratis. Untuk informasi selengkapnya ACM, lihat [Panduan AWS Certificate Manager Pengguna](https://docs.aws.amazon.com/acm/latest/userguide/acm-overview.html).
## Dapatkan sertifikat server
Anda dapat mengambil sertifikat server dengan memanggil `getServerCertificate` metode, meneruskannya [GetServerCertificateRequest](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/iam/model/GetServerCertificateRequest.html)dengan nama sertifikat. IamClient
**Impor**
```
import software.amazon.awssdk.services.iam.model.GetServerCertificateRequest;
import software.amazon.awssdk.services.iam.model.GetServerCertificateResponse;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.iam.IamClient;
import software.amazon.awssdk.services.iam.model.IamException;
```
**Kode**
```
public static void getCertificate(IamClient iam,String certName ) {
try {
GetServerCertificateRequest request = GetServerCertificateRequest.builder()
.serverCertificateName(certName)
.build();
GetServerCertificateResponse response = iam.getServerCertificate(request);
System.out.format("Successfully retrieved certificate with body %s",
response.serverCertificate().certificateBody());
} catch (IamException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
```
Lihat [contoh lengkapnya](https://github.com/awsdocs/aws-doc-sdk-examples/blob/0b1785e42949ebf959eaa0f0da4dc2a48f92ea25/javav2/example_code/iam/src/main/java/com/example/iam/GetServerCertificate.java) di GitHub.
## Daftar sertifikat server
Untuk mencantumkan sertifikat server Anda, panggil `listServerCertificates` metode ini dengan file [ListServerCertificatesRequest](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/iam/model/ListServerCertificatesRequest.html). IamClient Ini mengembalikan a [ListServerCertificatesResponse](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/iam/model/ListServerCertificatesResponse.html).
Panggil `serverCertificateMetadataList` metode `ListServerCertificateResponse` objek yang dikembalikan untuk mendapatkan daftar [ServerCertificateMetadata](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/iam/model/ServerCertificateMetadata.html)objek yang dapat Anda gunakan untuk mendapatkan informasi tentang setiap sertifikat.
Hasil dapat terpotong; jika `isTruncated` metode `ListServerCertificateResponse` objek kembali`true`, panggil `marker` metode `ListServerCertificatesResponse` objek dan gunakan penanda untuk membuat permintaan baru. Gunakan permintaan baru untuk menelepon `listServerCertificates` lagi untuk mendapatkan kumpulan hasil berikutnya.
**Impor**
```
import software.amazon.awssdk.services.iam.model.IamException;
import software.amazon.awssdk.services.iam.model.ListServerCertificatesRequest;
import software.amazon.awssdk.services.iam.model.ListServerCertificatesResponse;
import software.amazon.awssdk.services.iam.model.ServerCertificateMetadata;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.iam.IamClient;
```
**Kode**
```
public static void listCertificates(IamClient iam) {
try {
boolean done = false;
String newMarker = null;
while(!done) {
ListServerCertificatesResponse response;
if (newMarker == null) {
ListServerCertificatesRequest request =
ListServerCertificatesRequest.builder().build();
response = iam.listServerCertificates(request);
} else {
ListServerCertificatesRequest request =
ListServerCertificatesRequest.builder()
.marker(newMarker).build();
response = iam.listServerCertificates(request);
}
for(ServerCertificateMetadata metadata :
response.serverCertificateMetadataList()) {
System.out.printf("Retrieved server certificate %s",
metadata.serverCertificateName());
}
if(!response.isTruncated()) {
done = true;
} else {
newMarker = response.marker();
}
}
} catch (IamException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
```
Lihat [contoh lengkapnya](https://github.com/awsdocs/aws-doc-sdk-examples/blob/0b1785e42949ebf959eaa0f0da4dc2a48f92ea25/javav2/example_code/iam/src/main/java/com/example/iam/ListServerCertificates.java) di GitHub.
## Memperbarui sertifikat server
Anda dapat memperbarui nama atau jalur sertifikat server dengan memanggil `updateServerCertificate` metode ini. IamClient Dibutuhkan [UpdateServerCertificateRequest](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/iam/model/UpdateServerCertificateRequest.html)objek yang ditetapkan dengan nama sertifikat server saat ini dan baik nama baru atau jalur baru untuk digunakan.
**Impor**
```
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.iam.IamClient;
import software.amazon.awssdk.services.iam.model.IamException;
import software.amazon.awssdk.services.iam.model.UpdateServerCertificateRequest;
import software.amazon.awssdk.services.iam.model.UpdateServerCertificateResponse;
```
**Kode**
```
public static void updateCertificate(IamClient iam, String curName, String newName) {
try {
UpdateServerCertificateRequest request =
UpdateServerCertificateRequest.builder()
.serverCertificateName(curName)
.newServerCertificateName(newName)
.build();
UpdateServerCertificateResponse response =
iam.updateServerCertificate(request);
System.out.printf("Successfully updated server certificate to name %s",
newName);
} catch (IamException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
```
Lihat [contoh lengkapnya](https://github.com/awsdocs/aws-doc-sdk-examples/blob/0b1785e42949ebf959eaa0f0da4dc2a48f92ea25/javav2/example_code/iam/src/main/java/com/example/iam/UpdateServerCertificate.java) di GitHub.
## Hapus sertifikat server
Untuk menghapus sertifikat server, panggil `deleteServerCertificate` metode dengan [DeleteServerCertificateRequest](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/services/iam/model/DeleteServerCertificateRequest.html)berisi nama sertifikat. IamClient
**Impor**
```
import software.amazon.awssdk.services.iam.model.DeleteServerCertificateRequest;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.iam.IamClient;
import software.amazon.awssdk.services.iam.model.IamException;
```
**Kode**
```
public static void deleteCert(IamClient iam,String certName ) {
try {
DeleteServerCertificateRequest request =
DeleteServerCertificateRequest.builder()
.serverCertificateName(certName)
.build();
iam.deleteServerCertificate(request);
System.out.println("Successfully deleted server certificate " +
certName);
} catch (IamException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
```
Lihat [contoh lengkapnya](https://github.com/awsdocs/aws-doc-sdk-examples/blob/0b1785e42949ebf959eaa0f0da4dc2a48f92ea25/javav2/example_code/iam/src/main/java/com/example/iam/DeleteServerCertificate.java) di GitHub.
## Informasi selengkapnya
+ [Bekerja dengan Sertifikat Server](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html) di Panduan IAM Pengguna
+ [GetServerCertificate](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetServerCertificate.html)di Referensi IAM API
+ [ListServerCertificates](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListServerCertificates.html)di Referensi IAM API
+ [UpdateServerCertificate](https://docs.aws.amazon.com/IAM/latest/APIReference/API_UpdateServerCertificate.html)di Referensi IAM API
+ [DeleteServerCertificate](https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteServerCertificate.html)di Referensi IAM API
+ [AWS Certificate Manager Panduan Pengguna](https://docs.aws.amazon.com/acm/latest/userguide/)