ConditionFactory

Constructs a new access policy condition that compares an Amazon S3 canned ACL with the canned ACL specified by an incoming request.

You can use this condition to ensure that any objects uploaded to an Amazon S3 bucket have a specific canned ACL set.

Constructs a new access control policy condition that compares ARNs (Amazon Resource Names).

Constructs a new access policy condition that performs a boolean comparison.

This method is deprecated. Invoking this method results in non-UTC DateTimes not being marshalled correctly. Use NewConditionUtc instead. Constructs a new access policy condition that compares the current time (on the AWS servers) to the specified date.

Constructs a new access policy condition that compares the source IP address of the incoming request to an AWS service against the specified CIDR range. When the condition evaluates to true (i.e. when the incoming source IP address is within the CIDR range or not) depends on the specified IpAddressComparisonType.

Constructs a new access policy condition that compares two numbers.

Constructs a new access control policy condition that compares two strings.

Constructs a new access policy condition that compares the current time (on the AWS servers) to the specified date.

Constructs a new access policy condition that compares the requested endpoint used to subscribe to an Amazon SNS topic with the specified endpoint pattern. The endpoint pattern may optionally contain the multi-character wildcard (*) or the single-character wildcard (?).

For example, this condition can restrict subscriptions to a topic to email addresses in a certain domain ("*@my-company.com").

Policy policy = new Policy("MyTopicPolicy");
policy.WithStatements(new Statement(Statement.StatementEffect.Allow)
       .WithPrincipals(new Principal("*")).WithActionIdentifiers(SNSActionIdentifiers.Subscribe)
       .WithResources(new Resource(myTopicArn))
       .WithConditions(ConditionFactory.NewEndpointCondition("*@my-company.com")));
            

Constructs a new access policy condition that compares the source IP address of the incoming request to an AWS service against the specified CIDR range. The condition evaluates to true (meaning the policy statement containing it will be applied) if the incoming source IP address is within that range.

To achieve the opposite effect (i.e. cause the condition to evaluate to true when the incoming source IP is not in the specified CIDR range) use the alternate constructor form and specify IpAddressComparisonType.NotIpAddress.

Constructs a new AWS access control policy condition that allows an access control statement to restrict subscriptions to an Amazon SNS topic based on the protocol being used for the subscription. For example, this condition can restrict subscriptions to a topic to endpoints using HTTPS to ensure that messages are securely delivered.

Constructs a new access control policy condition that tests if the incoming request was sent over a secure transport (HTTPS).

Constructs a new access policy condition that compares the Amazon Resource Name (ARN) of the source of an AWS resource that is modifying another AWS resource with the specified pattern.

For example, the source ARN could be an Amazon SNS topic ARN that is sending messages to an Amazon SQS queue. In that case, the SNS topic ARN would be compared the ARN pattern specified here.

The endpoint pattern may optionally contain the multi-character wildcard * (*) or the single-character wildcard (?). Each of the six colon-delimited components of the ARN is checked separately and each can include a wildcard.

Policy policy = new Policy("MyQueuePolicy");
policy.WithStatements(new Statement(Statement.StatementEffect.Allow)
    .WithPrincipals(new Principal("*")).WithActionIdentifiers(SQSActionIdentifiers.SendMessage)
    .WithResources(new Resource(myQueueArn))
    .WithConditions(ConditionFactory.NewSourceArnCondition(myTopicArn)));
             

Condition key for the current time.

This condition key should only be used with Amazon.Auth.AccessControlPolicy.ConditionFactory.DateComparisonType enum.

Condition key for the current time, in epoch seconds.

This condition key should only be used with Amazon.Auth.AccessControlPolicy.ConditionFactory.NumericComparisonType enum. objects.

Condition key for the referrer specified by a request.

This condition key should only be used with Amazon.Auth.AccessControlPolicy.ConditionFactory.StringComparisonType objects.

Condition key for the canned ACL specified by a request.

This condition key may only be used with Amazon.Auth.AccessControlPolicy.ConditionFactory.StringComparisonType enum.

Condition key for the source object specified by a request to copy an object.

This condition key may only be used with Amazon.Auth.AccessControlPolicy.ConditionFactory.StringComparisonType enum.

Condition key for the delimiter specified by a request.

This condition key may only be used with Amazon.Auth.AccessControlPolicy.ConditionFactory.StringComparisonType enum.

Condition key for the location constraint specified by a request.

This condition key may only be used with Amazon.Auth.AccessControlPolicy.ConditionFactory.StringComparisonType enum.

Condition key for the max keys specified by a request.

This condition key may only be used with Amazon.Auth.AccessControlPolicy.ConditionFactory.StringComparisonType enum.

Condition key for the metadata directive specified by a request to copy an object.

This condition key may only be used with Amazon.Auth.AccessControlPolicy.ConditionFactory.StringComparisonType enum.

Condition key for the prefix specified by a request.

This condition key may only be used with Amazon.Auth.AccessControlPolicy.ConditionFactory.StringComparisonType enum.

Condition key for the version ID of an object version specified by a request.

This condition key may only be used with Amazon.Auth.AccessControlPolicy.ConditionFactory.StringComparisonType enum.

Condition key for whether or not an incoming request is using a secure transport to make the request (i.e. HTTPS instead of HTTP).

This condition key should only be used with the boolean overload of NewCondition.

Condition key for The URL, e-mail address, or ARN from a Subscribe request or a previously confirmed subscription. Use with string conditions to restrict access to specific endpoints (e.g., *@mycompany.com).

This condition key may only be used with Amazon.Auth.AccessControlPolicy.ConditionFactory.StringComparisonType enum.

Condition key for the protocol value from a Subscribe request or a previously confirmed subscription. Use with string conditions to restrict publication to specific delivery protocols (e.g., HTTPS).

This condition key may only be used with Amazon.Auth.AccessControlPolicy.ConditionFactory.StringComparisonType enum.

Condition key for the account id of the source specified in a request.

Condition key for the Amazon Resource Name (ARN) of the source specified in a request. The source ARN indicates which resource is affecting the resource listed in your policy. For example, an SNS topic is the source ARN when publishing messages from the topic to an SQS queue.

This condition key should only be used with Amazon.Auth.AccessControlPolicy.ConditionFactory.ArnComparisonType enum.

Condition key for the source IP from which a request originates.

This condition key should only be used with Amazon.Auth.AccessControlPolicy.ConditionFactory.IpAddressComparisonType enum.

Condition key for the user agent included in a request.

This condition key should only be used with Amazon.Auth.AccessControlPolicy.ConditionFactory.StringComparisonType enum.