AWS SDK Version 2 for .NET
API Reference


.NET Framework 4.5
 
A factory for creating conditions to be used in the policy.

Inheritance Hierarchy

System.Object
  Amazon.Auth.AccessControlPolicy.ConditionFactory

Namespace: Amazon.Auth.AccessControlPolicy
Assembly: AWSSDK.dll
Version: (assembly version)

Syntax

C#
public static class ConditionFactory : Object

The ConditionFactory type exposes the following members

Methods

Name | Description
Public Method Static Method NewCannedACLCondition(S3CannedACL) Constructs a new access policy condition that compares an Amazon S3 canned ACL with the canned ACL specified by an incoming request.

You can use this condition to ensure that any objects uploaded to an Amazon S3 bucket have a specific canned ACL set.

Public Method Static Method NewCondition(ArnComparisonType, string, string)
Public Method Static Method NewCondition(string, bool) Constructs a new access policy condition that performs a boolean comparison.
Public Method Static Method NewCondition(DateComparisonType, DateTime)
Public Method Static Method NewCondition(IpAddressComparisonType, string)
Public Method Static Method NewCondition(NumericComparisonType, string, string)
Public Method Static Method NewCondition(StringComparisonType, string, string)
Public Method Static Method NewEndpointCondition(string) Constructs a new access policy condition that compares the requested endpoint used to subscribe to an Amazon SNS topic with the specified endpoint pattern. The endpoint pattern may optionally contain the multi-character wildcard (*) or the single-character wildcard (?).

For example, this condition can restrict subscriptions to a topic to email addresses in a certain domain ("*@my-company.com").

Policy policy = new Policy("MyTopicPolicy");
policy.WithStatements(new Statement(Statement.StatementEffect.Allow)
       .WithPrincipals(new Principal("*")).WithActionIdentifiers(SNSActionIdentifiers.Subscribe)
       .WithResources(new Resource(myTopicArn))
       .WithConditions(ConditionFactory.NewEndpointCondition("*@my-company.com")));
            
Public Method Static Method NewIpAddressCondition(string) Constructs a new access policy condition that compares the source IP address of the incoming request to an AWS service against the specified CIDR range. The condition evaluates to true (meaning the policy statement containing it will be applied) if the incoming source IP address is within that range.

To achieve the opposite effect (i.e. cause the condition to evaluate to true when the incoming source IP is not in the specified CIDR range) use the alternate constructor form and specify IpAddressComparisonType.NotIpAddress.

Public Method Static Method NewProtocolCondition(string) Constructs a new AWS access control policy condition that allows an access control statement to restrict subscriptions to an Amazon SNS topic based on the protocol being used for the subscription. For example, this condition can restrict subscriptions to a topic to endpoints using HTTPS to ensure that messages are securely delivered.
Public Method Static Method NewSecureTransportCondition() Constructs a new access control policy condition that tests if the incoming request was sent over a secure transport (HTTPS).
Public Method Static Method NewSourceArnCondition(string) Constructs a new access policy condition that compares the Amazon Resource Name (ARN) of the source of an AWS resource that is modifying another AWS resource with the specified pattern.

For example, the source ARN could be an Amazon SNS topic ARN that is sending messages to an Amazon SQS queue. In that case, the SNS topic ARN would be compared with the ARN pattern specified here.

The ARN pattern may optionally contain the multi-character wildcard (*) or the single-character wildcard (?). Each of the six colon-delimited components of the ARN is checked separately and each can include a wildcard.

Policy policy = new Policy("MyQueuePolicy");
policy.WithStatements(new Statement(Statement.StatementEffect.Allow)
    .WithPrincipals(new Principal("*")).WithActionIdentifiers(SQSActionIdentifiers.SendMessage)
    .WithResources(new Resource(myQueueArn))
    .WithConditions(ConditionFactory.NewSourceArnCondition(myTopicArn)));
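
The conditions described above can be combined in one policy. The following is an added example, not part of the original reference: it keeps the source-ARN Allow statement and adds two Deny statements, one built with the boolean NewCondition overload and SECURE_TRANSPORT_CONDITION_KEY, and one built with IpAddressComparisonType.NotIpAddress. The class name, policy ID, ARNs and CIDR range are constructed sample values, and the "sqs:*" action string is passed to the ActionIdentifier constructor directly.

```csharp
using System;
using Amazon.Auth.AccessControlPolicy;
using Amazon.Auth.AccessControlPolicy.ActionIdentifiers;

public static class QueuePolicyExample
{
    public static Policy Build(string queueArn, string topicArn, string officeCidr)
    {
        // Allow: only the named SNS topic may deliver messages to the queue.
        var allowTopic = new Statement(Statement.StatementEffect.Allow)
            .WithPrincipals(new Principal("*"))
            .WithActionIdentifiers(SQSActionIdentifiers.SendMessage)
            .WithResources(new Resource(queueArn))
            .WithConditions(ConditionFactory.NewSourceArnCondition(topicArn));

        // Deny: any SQS action sent over plain HTTP (secure transport is false).
        var denyPlainHttp = new Statement(Statement.StatementEffect.Deny)
            .WithPrincipals(new Principal("*"))
            .WithActionIdentifiers(new ActionIdentifier("sqs:*"))
            .WithResources(new Resource(queueArn))
            .WithConditions(ConditionFactory.NewCondition(
                ConditionFactory.SECURE_TRANSPORT_CONDITION_KEY, false));

        // Deny: reads whose source IP is outside the CIDR range (NotIpAddress form).
        var denyOutsideCidr = new Statement(Statement.StatementEffect.Deny)
            .WithPrincipals(new Principal("*"))
            .WithActionIdentifiers(SQSActionIdentifiers.ReceiveMessage)
            .WithResources(new Resource(queueArn))
            .WithConditions(ConditionFactory.NewCondition(
                ConditionFactory.IpAddressComparisonType.NotIpAddress, officeCidr));

        var policy = new Policy("MyHardenedQueuePolicy");
        policy.WithStatements(allowTopic, denyPlainHttp, denyOutsideCidr);
        return policy;
    }

    public static void Main()
    {
        // Constructed sample values; 203.0.113.0/24 is a documentation range.
        Policy policy = Build(
            "arn:aws:sqs:us-east-1:111122223333:MyQueue",
            "arn:aws:sns:us-east-1:111122223333:MyTopic",
            "203.0.113.0/24");
        Console.WriteLine(policy.ToJson());
    }
}
```

Each Deny is a separate statement because conditions inside one statement must all match; an explicit Deny takes precedence over the Allow when its condition is true.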
             

Fields

Name | Type | Description
Field Static Field CURRENT_TIME_CONDITION_KEY System.String Condition key for the current time.

This condition key should only be used with Amazon.Auth.AccessControlPolicy.ConditionFactory.DateComparisonType enum.

Field Static Field EPOCH_TIME_CONDITION_KEY System.String Condition key for the current time, in epoch seconds.

This condition key should only be used with Amazon.Auth.AccessControlPolicy.ConditionFactory.NumericComparisonType enum.

Field Static Field REFERRER_CONDITION_KEY System.String Condition key for the referrer specified by a request.

This condition key should only be used with Amazon.Auth.AccessControlPolicy.ConditionFactory.StringComparisonType objects.

Field Static Field S3_CANNED_ACL_CONDITION_KEY System.String Condition key for the canned ACL specified by a request.

This condition key may only be used with Amazon.Auth.AccessControlPolicy.ConditionFactory.StringComparisonType enum.

Field Static Field S3_COPY_SOURCE_CONDITION_KEY System.String Condition key for the source object specified by a request to copy an object.

This condition key may only be used with Amazon.Auth.AccessControlPolicy.ConditionFactory.StringComparisonType enum.

Field Static Field S3_DELIMITER_CONDITION_KEY System.String Condition key for the delimiter specified by a request.

This condition key may only be used with Amazon.Auth.AccessControlPolicy.ConditionFactory.StringComparisonType enum.

Field Static Field S3_LOCATION_CONSTRAINT_CONDITION_KEY System.String Condition key for the location constraint specified by a request.

This condition key may only be used with Amazon.Auth.AccessControlPolicy.ConditionFactory.StringComparisonType enum.

Field Static Field S3_MAX_KEYS_CONDITION_KEY System.String Condition key for the max keys specified by a request.

This condition key may only be used with Amazon.Auth.AccessControlPolicy.ConditionFactory.StringComparisonType enum.

Field Static Field S3_METADATA_DIRECTIVE_CONDITION_KEY System.String Condition key for the metadata directive specified by a request to copy an object.

This condition key may only be used with Amazon.Auth.AccessControlPolicy.ConditionFactory.StringComparisonType enum.

Field Static Field S3_PREFIX_CONDITION_KEY System.String Condition key for the prefix specified by a request.

This condition key may only be used with Amazon.Auth.AccessControlPolicy.ConditionFactory.StringComparisonType enum.

Field Static Field S3_VERSION_ID_CONDITION_KEY System.String Condition key for the version ID of an object version specified by a request.

This condition key may only be used with Amazon.Auth.AccessControlPolicy.ConditionFactory.StringComparisonType enum.

Field Static Field SECURE_TRANSPORT_CONDITION_KEY System.String Condition key for whether or not an incoming request is using a secure transport to make the request (i.e. HTTPS instead of HTTP).

This condition key should only be used with the boolean overload of NewCondition.

Field Static Field SNS_ENDPOINT_CONDITION_KEY System.String Condition key for the URL, e-mail address, or ARN from a Subscribe request or a previously confirmed subscription. Use with string conditions to restrict access to specific endpoints (e.g., *@mycompany.com).

This condition key may only be used with Amazon.Auth.AccessControlPolicy.ConditionFactory.StringComparisonType enum.

Field Static Field SNS_PROTOCOL_CONDITION_KEY System.String Condition key for the protocol value from a Subscribe request or a previously confirmed subscription. Use with string conditions to restrict publication to specific delivery protocols (e.g., HTTPS).

This condition key may only be used with Amazon.Auth.AccessControlPolicy.ConditionFactory.StringComparisonType enum.

Field Static Field SOURCE_ARN_CONDITION_KEY System.String Condition key for the Amazon Resource Name (ARN) of the source specified in a request. The source ARN indicates which resource is affecting the resource listed in your policy. For example, an SNS topic is the source ARN when publishing messages from the topic to an SQS queue.

This condition key should only be used with Amazon.Auth.AccessControlPolicy.ConditionFactory.ArnComparisonType enum.

Field Static Field SOURCE_IP_CONDITION_KEY System.String Condition key for the source IP from which a request originates.

This condition key should only be used with Amazon.Auth.AccessControlPolicy.ConditionFactory.IpAddressComparisonType enum.

Field Static Field USER_AGENT_CONDITION_KEY System.String Condition key for the user agent included in a request.

This condition key should only be used with Amazon.Auth.AccessControlPolicy.ConditionFactory.StringComparisonType enum.

Version Information

.NET Framework:
Supported in: 4.5, 4.0, 3.5