請注意:Amazon WorkDocs 不再提供新客戶註冊和帳戶升級。在此處了解遷移步驟:如何從 Amazon WorkDocs 遷移資料
本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
透過擔任角色連線至 Amazon WorkDocs
此範例使用 AWS Java 開發套件擔任角色,並使用角色的臨時安全登入資料來存取 Amazon WorkDocs。程式碼範例使用 DescribeFolderContents API 來列出使用者資料夾中的項目。
import java.util.ArrayList; import java.util.List; import com.amazonaws.auth.AWSCredentials; import com.amazonaws.auth.AWSStaticCredentialsProvider; import com.amazonaws.auth.BasicAWSCredentials; import com.amazonaws.auth.BasicSessionCredentials; import com.amazonaws.regions.Regions; import com.amazonaws.services.securitytoken.AWSSecurityTokenService; import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder; import com.amazonaws.services.securitytoken.model.AssumeRoleRequest; import com.amazonaws.services.securitytoken.model.AssumeRoleResult; import com.amazonaws.services.workdocs.AmazonWorkDocs; import com.amazonaws.services.workdocs.AmazonWorkDocsClient; import com.amazonaws.services.workdocs.model.DescribeFolderContentsRequest; import com.amazonaws.services.workdocs.model.DescribeFolderContentsResult; import com.amazonaws.services.workdocs.model.DocumentMetadata; import com.amazonaws.services.workdocs.model.FolderMetadata; public class AssumeRoleDemo { private static final String DEMO_ROLE_ARN = "arn:aws:iam::111122223333:role/workdocs-readonly-role"; private static AmazonWorkDocs workDocs; public static void main(String[] args) throws Exception { AWSCredentials longTermCredentials = new BasicAWSCredentials("accessKey", "secretKey"); // Use developer’s long-term credentials to call the AWS Security Token Service (STS) // AssumeRole API, specifying the ARN for the role workdocs-readonly-role in // 3rd party AWS account. AWSSecurityTokenService stsClient = AWSSecurityTokenServiceClientBuilder.standard() .withCredentials(new AWSStaticCredentialsProvider(longTermCredentials)) .withRegion(Regions.DEFAULT_REGION.getName()).build();; // If you are accessing a 3rd party account, set ExternalId // on assumeRequest using the withExternalId() function. AssumeRoleRequest assumeRequest = new AssumeRoleRequest().withRoleArn(DEMO_ROLE_ARN).withDurationSeconds(3600) .withRoleSessionName("demo"); AssumeRoleResult assumeResult = stsClient.assumeRole(assumeRequest); // AssumeRole returns temporary security credentials for the // workdocs-readonly-role BasicSessionCredentials temporaryCredentials = new BasicSessionCredentials(assumeResult.getCredentials().getAccessKeyId(), assumeResult .getCredentials().getSecretAccessKey(), assumeResult.getCredentials().getSessionToken()); // Build WorkDocs client using the temporary credentials. workDocs = AmazonWorkDocsClient.builder() .withCredentials(new AWSStaticCredentialsProvider(temporaryCredentials)) .withRegion(Regions.US_WEST_2).build(); // Invoke WorkDocs service calls using the temporary security credentials // obtained for workdocs-readonly-role. In this case a call has been made // to get metadata of Folders and Documents present in a user’s root folder. describeFolder("root-folder-id"); } private static void describeFolder(String folderId) { DescribeFolderContentsRequest request = new DescribeFolderContentsRequest(); request.setFolderId(folderId); request.setLimit(2); List<DocumentMetadata> documents = new ArrayList<>(); List<FolderMetadata> folders = new ArrayList<>(); String marker = null; do { request.setMarker(marker); DescribeFolderContentsResult result = workDocs.describeFolderContents(request); documents.addAll(result.getDocuments()); folders.addAll(result.getFolders()); marker = result.getMarker(); } while (marker != null); for (FolderMetadata folder : folders) System.out.println("Folder:" + folder.getName()); for (DocumentMetadata document : documents) System.out.println("Document:" + document.getLatestVersionMetadata().getName()); } }
