1 /*
2 * Copyright 2010-2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License").
5 * You may not use this file except in compliance with the License.
6 * A copy of the License is located at
7 *
8 * http://aws.amazon.com/apache2.0
9 *
10 * or in the "license" file accompanying this file. This file is distributed
11 * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
12 * express or implied. See the License for the specific language governing
13 * permissions and limitations under the License.
14 */
15 package com.amazonaws.services.s3.model;
16
17 /**
18 * Specifies constants defining a canned access control list.
19 * <p>
20 * Canned access control lists are commonly used access control lists (ACL) that can be
21 * used as a shortcut when applying an access control list to Amazon S3 buckets
22 * and objects. Only a few commonly used configurations are available, but they
23 * offer an alternative to manually creating a custom ACL. If more specific
24 * access control is desired, users can create a custom {@link AccessControlList}.
25 * </p>
26 *
27 * @see AccessControlList
28 */
29 public enum CannedAccessControlList {
30 /**
31 * Specifies the owner is granted {@link Permission#FullControl}. No one else has access rights.
32 * <p>
33 * This is the default access control policy for any new buckets or objects.
34 * </p>
35 */
36 Private("private"),
37
38 /**
39 * Specifies the owner is granted {@link Permission#FullControl} and the
40 * {@link GroupGrantee#AllUsers} group grantee is granted
41 * {@link Permission#Read} access.
42 * <p>
43 * If this policy is used on an object, it can be read from a browser without
44 * authentication.
45 * </p>
46 */
47 PublicRead("public-read"),
48
49 /**
50 * Specifies the owner is granted {@link Permission#FullControl} and the
51 * {@link GroupGrantee#AllUsers} group grantee is granted
52 * {@link Permission#Read} and {@link Permission#Write} access.
53 * <p>
54 * This access policy is not recommended for general use.
55 * </p>
56 */
57 PublicReadWrite("public-read-write"),
58
59 /**
60 * Specifies the owner is granted {@link Permission#FullControl} and the
61 * {@link GroupGrantee#AuthenticatedUsers} group grantee is granted
62 * {@link Permission#Read} access.
63 */
64 AuthenticatedRead("authenticated-read"),
65
66 /**
67 * Specifies the owner is granted {@link Permission#FullControl} and the
68 * {@link GroupGrantee#LogDelivery} group grantee is granted
69 * {@link Permission#Write} access so that access logs can be delivered.
70 * <p>
71 * Use this access policy to enable Amazon S3 bucket logging for a bucket.
72 * The destination bucket requires these permissions so that access logs can
73 * be delivered.
74 * </p>
75 */
76 LogDeliveryWrite("log-delivery-write"),
77
78 /**
79 * Specifies the owner of the bucket, but not necessarily the same as the owner of the
80 * object, is granted {@link Permission#Read}.
81 * <p>
82 * Use this access policy when uploading objects to another owner's bucket.
83 * This access policy grants the bucket owner read access to the object,
84 * but does not give read access for all users.
85 * </p>
86 */
87 BucketOwnerRead("bucket-owner-read"),
88
89 /**
90 * Specifies the owner of the bucket, but not necessarily the same as the owner of the
91 * object, is granted {@link Permission#FullControl}.
92 * <p>
93 * Use this access policy to upload objects to another owner's bucket. This
94 * access policy grants the bucket owner full access to the object, but does
95 * not give full access to all users.
96 * </p>
97 */
98 BucketOwnerFullControl("bucket-owner-full-control"),
99
100 /**
101 * Specifies the owner is granted {@link Permission#FullControl}. Amazon EC2
102 * is granted {@link Permission#Read} access to GET an Amazon Machine Image
103 * (AMI) bundle from Amazon S3.
104 */
105 AwsExecRead("aws-exec-read");
106
107 /** The Amazon S3 x-amz-acl header value representing the canned acl */
108 private final String cannedAclHeader;
109
110 private CannedAccessControlList(String cannedAclHeader) {
111 this.cannedAclHeader = cannedAclHeader;
112 }
113
114 /**
115 * Returns the Amazon S3 x-amz-acl header value for this canned acl.
116 */
117 public String toString() {
118 return cannedAclHeader;
119 }
120
121 }
122