本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
# IAM 政策建置器 API 從第 1 版變更為第 2 版
本主題詳細說明 IAM 政策建置器 API 從第 1 版 (v1) 到第 2 版 (v2) 的變更。
## 高階變更
****
| 變更 | v1 | v2 |
| --- | --- | --- |
| Maven 相依性 |
com.amazonaws
aws-java-sdk-bom
1.12.5871
pom
import
com.amazonaws
aws-java-sdk-core
|
software.amazon.awssdk
bom
2.27.212
pom
import
software.amazon.awssdk
iam-policy-builder
|
| 套件名稱 | com.amazonaws.auth.policy | software.amazon.awssdk.policybuilder.iam |
| 類別名稱 | [政策](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/policy/Policy.html) [Statement](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/policy/Statement.html) [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_tw/sdk-for-java/latest/developer-guide/migration-iam-policy-builder.html) | [IamPolicy](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/policybuilder/iam/IamPolicy.html) [IamStatement](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/policybuilder/iam/IamStatement.html) [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_tw/sdk-for-java/latest/developer-guide/migration-iam-policy-builder.html) |
1 [最新版本](https://central.sonatype.com/artifact/com.amazonaws/aws-java-sdk-bom)。 2 [最新版本](https://central.sonatype.com/artifact/software.amazon.awssdk/bom)。
## API 變更
****
| 設定 | v1 | v2 |
| --- | --- | --- |
| 執行個體化政策 | Policy policy = new Policy();
| IamPolicy.Builder policyBuilder = IamPolicy.builder();
...
IamPolicy policy = policyBuilder.build();
|
| 設定 ID | policy.withtId(...);
policy.setId(...);
| policyBuilder.id(...);
|
| 設定版本 | 不適用 - 使用預設版本的 2012-10-17 | policyBuilder.version(...);
|
| 建立陳述式 | Statement statement =
new Statement(Effect.Allow)
.withActions(...)
.withConditions(...)
.withId(...)
.withPrincipals(...)
.withResources(...);
| IamStatement statement =
IamStatement.builder()
.effect(IamEffect.ALLOW)
.actions(...)
.notActions(...)
.conditions(...)
.sid(...)
.principals(...)
.notPrincipals(...)
.resources(...)
.notResources(...)
.build()
|
| 設定陳述式 | policy.withStatements(statement);
policy.setStatements(statement);
| policyBuilder.addStatement(statement);
|
## 建置陳述式的差異
### 動作
#### v1
v1 SDK 具有代表政策陳述式中`[https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_action.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_action.html)`元素的服務動作[`enum`類型](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/policy/Action.html)。以下是`enum`一些範例。
+ `[IdentityManagementActions](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/policy/actions/IdentityManagementActions.html)`
+ `[DynamoDBv2Actions](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/policy/actions/DynamoDBv2Actions.html)`
+ `[SQSActions](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/policy/actions/SQSActions.html)`
下列範例顯示 的`SendMessage`常數`SQSActions`。
```
Action action = SQSActions.SendMessage;
```
您無法在 v1 中指定陳述式的`[https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notaction.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notaction.html)`元素。
#### v2
在 v2 中,[IamAction](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/policybuilder/iam/IamAction.html) 界面代表所有動作。若要指定[服務特定的動作](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_action.html)元素,請將字串傳遞至 `create`方法,如下列程式碼所示。
```
IamAction action = IamAction.create("sqs:SendMessage");
```
您可以`[https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notaction.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notaction.html)`為 v2 的陳述式指定 ,如下列程式碼所示。
```
IamAction action = IamAction.create("sqs:SendMessage");
IamStatement.builder().addNotAction(action);
```
### 條件
#### v1
為了表示陳述式條件,v1 SDK 使用 的子類別[https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/policy/Condition.html](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/policy/Condition.html)。
+ [ArnCondition](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/policy/conditions/ArnCondition.html)
+ [BooleanCondition](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/policy/conditions/BooleanCondition.html)
+ [DateCondition](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/policy/conditions/DateCondition.html)
+ [IpAddressCondition](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/policy/conditions/IpAddressCondition.html)
+ [NumericCondition](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/policy/conditions/NumericCondition.html)
+ [ StringCondition ](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/policy/conditions/StringCondition.html)
每個`Condition`子類別都會定義比較`enum`類型,以協助定義條件。例如,以下顯示*不同於*條件的[字串比較](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html#Conditions_String)。
```
Condition condition = new StringCondition(StringComparisonType.StringNotLike, "key", "value");
```
#### v2
在 v2 中,您可以使用 為政策陳述式建置條件,`[IamCondition](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/policybuilder/iam/IamCondition.html)`並提供 `[IamConditionOperator](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/policybuilder/iam/IamConditionOperator.html)`,其中包含`enums`所有類型的 。
```
IamCondition condition = IamCondition.create(IamConditionOperator.STRING_NOT_LIKE, "key", "value");
```
### Resources
#### v1
政策陳述式的 `[https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_resource.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_resource.html)` 元素由 SDK 的 `[Resource](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/policy/Resource.html)`類別表示。您可以在建構函數中提供 ARN 做為字串。下列子類別提供方便的建構函式。
+ [S3BucketResource](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/policy/resources/S3BucketResource.html)
+ [S3ObjectResource](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/policy/resources/S3ObjectResource.html)
+ [SQSQueueResource](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/policy/resources/SQSQueueResource.html)
在 v1 中,您可以`[Resource](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/policy/Resource.html)`呼叫 `withIsNotType`方法來指定 的 `[https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notresource.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notresource.html)` 元素,如下列陳述式所示。
```
Resource resource = new Resource("arn:aws:s3:::amzn-s3-demo-bucket").withIsNotType(true);
```
#### v2
在 v2 中,您將 ARN 傳遞至 `IamResource.create`方法來建立 `[https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_resource.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_resource.html)`元素。
```
IamResource resource = IamResource.create("arn:aws:s3:::amzn-s3-demo-bucket");
```
`[IamResource](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/policybuilder/iam/IamResource.html)` 可以設定為*[https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notresource.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notresource.html)*元素,如下列程式碼片段所示。
```
IamResource resource = IamResource.create("arn:aws:s3:::amzn-s3-demo-bucket");
IamStatement.builder().addNotResource(resource);
```
`IamResource.ALL` 代表所有資源。
### 主體
#### v1
v1 SDK 提供下列`[Principal](https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/policy/Principal.html)`類別,代表包含所有成員的主體類型:
+ `AllUsers`
+ `AllServices`
+ `AllWebProviders`
+ `All`
您無法將`[https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notprincipal.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notprincipal.html)`元素新增至陳述式。
#### v2
在 v2 中, `IamPrincipal.ALL`代表所有主體:
若要代表其他類型委託人中的所有成員,請在建立 時使用 `[IamPrincipalType](https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/policybuilder/iam/IamPrincipalType.html)`類別`IamPrincipal`。
+ `IamPrincipal.create(IamPrincipalType.AWS,"*")` 適用於所有使用者。
+ `IamPrincipal.create(IamPrincipalType.SERVICE,"*")` 適用於所有 服務。
+ `IamPrincipal.create(IamPrincipalType.FEDERATED,"*")` 適用於所有 Web 供應商。
+ `IamPrincipal.create(IamPrincipalType.CANONICAL_USER,"*")` 適用於所有正式使用者。
當您建立政策陳述式時,您可以使用 `addNotPrincipal`方法代表`[https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notprincipal.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_notprincipal.html)`元素,如下列陳述式所示。
```
IamPrincipal principal = IamPrincipal.create(IamPrincipalType.AWS, "arn:aws:iam::444455556666:root");
IamStatement.builder().addNotPrincipal(principal);
```