Terjemahan disediakan oleh mesin penerjemah. Jika konten terjemahan yang diberikan bertentangan dengan versi bahasa Inggris aslinya, utamakan versi bahasa Inggris.
# Perubahan API Pembuat Kebijakan IAM dari versi 1 ke versi 2
Topik ini merinci perubahan API Pembuat Kebijakan IAM dari versi 1 (v1) ke versi 2 (v2).
## Perubahan tingkat tinggi
****
| Ubah | v1 | v2 |
| --- | --- | --- |
| Ketergantungan Maven |
com.amazonaws
aws-java-sdk-bom
1.12.5871
pom
import
com.amazonaws
aws-java-sdk-core
|
software.amazon.awssdk
bom
2.27.212
pom
import
software.amazon.awssdk
iam-policy-builder
|
| Nama paket | com.amazonaws.auth.policy | software.amazon.awssdk.policybuilder.iam |
| Nama kelas | [Kebijakan](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/policy/Policy.html) [Pernyataan](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/policy/Statement.html) [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/sdk-for-java/latest/developer-guide/migration-iam-policy-builder.html) | [IamPolicy](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/policybuilder/iam/IamPolicy.html) [IamStatement](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/policybuilder/iam/IamStatement.html) [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/id_id/sdk-for-java/latest/developer-guide/migration-iam-policy-builder.html) |
1 [Versi terbaru](https://central.sonatype.com/artifact/com.amazonaws/aws-java-sdk-bom). 2 [Versi terbaru](https://central.sonatype.com/artifact/software.amazon.awssdk/bom).
## Perubahan API
****
| Pengaturan | v1 | v2 |
| --- | --- | --- |
| Membuat instantiasi kebijakan | Policy policy = new Policy();
| IamPolicy.Builder policyBuilder = IamPolicy.builder();
...
IamPolicy policy = policyBuilder.build();
|
| Tetapkan id | policy.withtId(...);
policy.setId(...);
| policyBuilder.id(...);
|
| Tetapkan versi | N/A - menggunakan versi default 2012-10-17 | policyBuilder.version(...);
|
| Buat pernyataan | Statement statement =
new Statement(Effect.Allow)
.withActions(...)
.withConditions(...)
.withId(...)
.withPrincipals(...)
.withResources(...);
| IamStatement statement =
IamStatement.builder()
.effect(IamEffect.ALLOW)
.actions(...)
.notActions(...)
.conditions(...)
.sid(...)
.principals(...)
.notPrincipals(...)
.resources(...)
.notResources(...)
.build()
|
| Tetapkan pernyataan | policy.withStatements(statement);
policy.setStatements(statement);
| policyBuilder.addStatement(statement);
|
## Perbedaan dalam membangun pernyataan
### Tindakan
#### v1
SDK v1 memiliki [`enum`tipe](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/policy/Action.html) untuk tindakan layanan yang mewakili `[https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_action.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_action.html)` elemen dalam pernyataan kebijakan. `enum`Jenis berikut adalah beberapa contoh.
+ `[IdentityManagementActions](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/policy/actions/IdentityManagementActions.html)`
+ `[DynamoDBv2Actions](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/policy/actions/DynamoDBv2Actions.html)`
+ `[SQSActions](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/policy/actions/SQSActions.html)`
Contoh berikut menunjukkan `SendMessage` konstanta untuk`SQSActions`.
```
Action action = SQSActions.SendMessage;
```
Anda tidak dapat menentukan `[https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notaction.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notaction.html)` elemen ke pernyataan di v1.
#### v2
Di v2, [IamAction](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/policybuilder/iam/IamAction.html)antarmuka mewakili semua tindakan. Untuk menentukan elemen [tindakan khusus layanan](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_action.html), berikan string ke `create` metode seperti yang ditunjukkan pada kode berikut.
```
IamAction action = IamAction.create("sqs:SendMessage");
```
Anda dapat menentukan `[https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notaction.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notaction.html)` untuk pernyataan dengan v2 seperti yang ditunjukkan dalam kode berikut.
```
IamAction action = IamAction.create("sqs:SendMessage");
IamStatement.builder().addNotAction(action);
```
### Ketentuan
#### v1
Untuk merepresentasikan kondisi pernyataan, SDK v1 menggunakan subclass dari. [https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/policy/Condition.html](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/policy/Condition.html)
+ [ArnCondition](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/policy/conditions/ArnCondition.html)
+ [BooleanCondition](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/policy/conditions/BooleanCondition.html)
+ [DateCondition](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/policy/conditions/DateCondition.html)
+ [IpAddressCondition](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/policy/conditions/IpAddressCondition.html)
+ [NumericCondition](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/policy/conditions/NumericCondition.html)
+ [ StringCondition ](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/policy/conditions/StringCondition.html)
Setiap `Condition` subkelas mendefinisikan `enum` tipe perbandingan untuk membantu menentukan kondisi. Misalnya, berikut ini menunjukkan [perbandingan string](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String) *tidak suka* untuk suatu kondisi.
```
Condition condition = new StringCondition(StringComparisonType.StringNotLike, "key", "value");
```
#### v2
Di v2, Anda membuat kondisi untuk pernyataan kebijakan dengan menggunakan `[IamCondition](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/policybuilder/iam/IamCondition.html)` dan menyediakan`[IamConditionOperator](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/policybuilder/iam/IamConditionOperator.html)`, yang berisi `enums` untuk semua jenis.
```
IamCondition condition = IamCondition.create(IamConditionOperator.STRING_NOT_LIKE, "key", "value");
```
### Sumber daya
#### v1
`[https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_resource.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_resource.html)`Elemen pernyataan kebijakan diwakili oleh `[Resource](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/policy/Resource.html)` kelas SDK. Anda menyediakan ARN sebagai string di konstruktor. Subkelas berikut menyediakan konstruktor kenyamanan.
+ [S3 BucketResource](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/policy/resources/S3BucketResource.html)
+ [S3 ObjectResource](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/policy/resources/S3ObjectResource.html)
+ [SQSQueueSumber Daya](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/policy/resources/SQSQueueResource.html)
Di v1, Anda dapat menentukan `[https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notresource.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notresource.html)` elemen untuk a `[Resource](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/policy/Resource.html)` dengan memanggil `withIsNotType` metode seperti yang ditunjukkan dalam pernyataan berikut.
```
Resource resource = new Resource("arn:aws:s3:::amzn-s3-demo-bucket").withIsNotType(true);
```
#### v2
Di v2, Anda membuat `[https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_resource.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_resource.html)` elemen dengan meneruskan ARN ke metode. `IamResource.create`
```
IamResource resource = IamResource.create("arn:aws:s3:::amzn-s3-demo-bucket");
```
Sebuah `[IamResource](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/policybuilder/iam/IamResource.html)` dapat diatur sebagai *[https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notresource.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notresource.html)*elemen seperti yang ditunjukkan dalam cuplikan berikut.
```
IamResource resource = IamResource.create("arn:aws:s3:::amzn-s3-demo-bucket");
IamStatement.builder().addNotResource(resource);
```
`IamResource.ALL`mewakili semua sumber daya.
### Pengguna utama
#### v1
SDK v1 menawarkan `[Principal](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/policy/Principal.html)` kelas-kelas berikut untuk mewakili jenis prinsipal yang mencakup semua anggota:
+ `AllUsers`
+ `AllServices`
+ `AllWebProviders`
+ `All`
Anda tidak dapat menambahkan `[https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notprincipal.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notprincipal.html)` elemen ke pernyataan.
#### v2
Dalam v2, `IamPrincipal.ALL` mewakili semua prinsip:
Untuk mewakili semua anggota dalam jenis kepala sekolah lainnya, gunakan `[IamPrincipalType](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/policybuilder/iam/IamPrincipalType.html)` kelas saat Anda membuat file. `IamPrincipal`
+ `IamPrincipal.create(IamPrincipalType.AWS,"*")`untuk semua pengguna.
+ `IamPrincipal.create(IamPrincipalType.SERVICE,"*")`untuk semua layanan.
+ `IamPrincipal.create(IamPrincipalType.FEDERATED,"*")`untuk semua penyedia web.
+ `IamPrincipal.create(IamPrincipalType.CANONICAL_USER,"*")`untuk semua pengguna kanonik.
Anda dapat menggunakan `addNotPrincipal` metode untuk mewakili `[https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notprincipal.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notprincipal.html)` elemen ketika Anda membuat pernyataan kebijakan seperti yang ditunjukkan dalam pernyataan berikut.
```
IamPrincipal principal = IamPrincipal.create(IamPrincipalType.AWS, "arn:aws:iam::444455556666:root");
IamStatement.builder().addNotPrincipal(principal);
```