Class ArnCondition

java.lang.Object
com.amazonaws.auth.policy.Condition
com.amazonaws.auth.policy.conditions.ArnCondition

public class ArnCondition extends Condition
AWS access control policy condition that allows an access control statement to be conditionally applied based on the comparison of an Amazon Resource Name (ARN).

An Amazon Resource Name (ARN) takes the following format: arn:aws:<vendor>:<region>:<namespace>:<relative-id>

  • vendor identifies the AWS product (e.g., sns)
  • region is the AWS Region the resource resides in (e.g., us-east-1), if any
  • namespace is the AWS account ID with no hyphens (e.g., 123456789012)
  • relative-id is the service-specific portion that identifies the specific resource

For example, an Amazon SQS queue might be addressed with the following ARN: arn:aws:sqs:us-east-1:987654321000:MyQueue

Currently the only valid condition key to use in an ARN condition is ConditionFactory.SOURCE_ARN_CONDITION_KEY, which indicates the source resource that is modifying another resource. For example, an SNS topic is the source ARN when publishing messages from the topic to an SQS queue.
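The SNS-to-SQS case above, as an added example (not part of the SDK documentation): a queue policy that allows any principal to send messages, beside the same statement restricted with an ArnCondition on the source ARN. It assumes the AWS SDK for Java 1.x core and SQS modules are on the classpath; the class name QueuePolicyExample and the topic ARN are constructed for illustration.

```java
import com.amazonaws.auth.policy.Policy;
import com.amazonaws.auth.policy.Principal;
import com.amazonaws.auth.policy.Resource;
import com.amazonaws.auth.policy.Statement;
import com.amazonaws.auth.policy.Statement.Effect;
import com.amazonaws.auth.policy.actions.SQSActions;
import com.amazonaws.auth.policy.conditions.ArnCondition;
import com.amazonaws.auth.policy.conditions.ArnCondition.ArnComparisonType;
import com.amazonaws.auth.policy.conditions.ConditionFactory;

public class QueuePolicyExample {
    // Queue ARN is the example from this page; the topic ARN is constructed.
    static final String QUEUE_ARN = "arn:aws:sqs:us-east-1:987654321000:MyQueue";
    static final String TOPIC_ARN = "arn:aws:sns:us-east-1:987654321000:MyTopic";

    // Weak form: no condition, so every principal may send to the queue.
    static Policy openPolicy() {
        return new Policy().withStatements(
            new Statement(Effect.Allow)
                .withPrincipals(Principal.AllUsers)
                .withActions(SQSActions.SendMessage)
                .withResources(new Resource(QUEUE_ARN)));
    }

    // Restricted form: the statement applies only when the request's
    // source ARN is exactly the one topic. ArnEquals is used rather than
    // ArnLike so the topic ARN is compared as a literal, not as a pattern.
    static Policy topicOnlyPolicy() {
        ArnCondition fromTopic = new ArnCondition(
            ArnComparisonType.ArnEquals,
            ConditionFactory.SOURCE_ARN_CONDITION_KEY,
            TOPIC_ARN);
        return new Policy().withStatements(
            new Statement(Effect.Allow)
                .withPrincipals(Principal.AllUsers)
                .withActions(SQSActions.SendMessage)
                .withResources(new Resource(QUEUE_ARN))
                .withConditions(fromTopic));
    }

    public static void main(String[] args) {
        // Print both documents to compare the generated Condition block.
        System.out.println(openPolicy().toJson());
        System.out.println(topicOnlyPolicy().toJson());
    }
}
```

When reviewing existing queue policies, a statement with a wildcard principal and no source ARN condition corresponds to the first form and is the one to flag.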