(JavaScript) Amazon Glacier Set Vault Access Policy

Demonstrates how to set an access policy for a vault (will overwrite the existing policy).

Note

This example is intended for running within a Chilkat.Js embedded JavaScript engine. All Chilkat JavaScript examples require Chilkat v11.4.0 or greater.

var success = false;

// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

var rest = new CkRest();

// Connect to the Amazon AWS REST server in the desired region.
var bTls = true;
var port = 443;
var bAutoReconnect = true;
success = rest.Connect("glacier.us-west-2.amazonaws.com",port,bTls,bAutoReconnect);

// Provide AWS credentials.
var authAws = new CkAuthAws();
authAws.AccessKey = "AWS_ACCESS_KEY";
authAws.SecretKey = "AWS_SECRET_KEY";
authAws.ServiceName = "glacier";
authAws.Region = "us-west-2";

success = rest.SetAuthAws(authAws);

// --------------------------------------------------------------------------
// Note: The above REST connection and setup of the AWS credentials
// can be done once.  After connecting, any number of REST calls can be made.
// The "auto reconnect" property passed to rest.Connect indicates that if
// the connection is lost, a REST method call will automatically reconnect
// if needed.
// --------------------------------------------------------------------------

// For more information, see Glacier Set Vault Access Policy Reference Documentation
// 
rest.AddHeader("x-amz-glacier-version","2012-06-01");

// Create the following JSON
// Use this online tool to generate the code from sample JSON: 
// Generate Code to Create JSON

// {
//   "Version": "2012-10-17",
//   "Statement": [
//     {
//       "Sid": "Define-owner-access-rights",
//       "Effect": "Allow",
//       "Principal": {
//         "AWS": "arn:aws:iam::AWS_ACCOUNT_ID:root"
//       },
//       "Action": "glacier:DeleteArchive",
//       "Resource": "arn:aws:glacier:us-west-2:AWS_ACCOUNT_ID:vaults/chilkat"
//     }
//   ]
// }

var jsonPolicy = new CkJsonObject();
jsonPolicy.UpdateString("Version","2012-10-17");
jsonPolicy.UpdateString("Statement[0].Sid","Define-owner-access-rights");
jsonPolicy.UpdateString("Statement[0].Effect","Allow");
jsonPolicy.UpdateString("Statement[0].Principal.AWS","arn:aws:iam::AWS_ACCOUNT_ID:root");
jsonPolicy.UpdateString("Statement[0].Action","glacier:DeleteArchive");
// Notice here the name of the vault: "chilkat".  Change it to your vault name.  Also use your actual AWS account ID.
jsonPolicy.UpdateString("Statement[0].Resource","arn:aws:glacier:us-west-2:AWS_ACCOUNT_ID:vaults/chilkat");

// Wrap the above JSON in this JSON:

// {
//    "Policy": "{  ... the above JSON ... }"
// }
var json = new CkJsonObject();
json.UpdateString("Policy",jsonPolicy.Emit());

var sbRequestBody = new CkStringBuilder();
json.EmitSb(sbRequestBody);

var sbResponseBody = new CkStringBuilder();
success = rest.FullRequestSb("PUT","/AWS_ACCOUNT_ID/vaults/chilkat/access-policy",sbRequestBody,sbResponseBody);
if (success !== true) {
    console.log(rest.LastErrorText);
    return;
}

var respStatusCode = rest.ResponseStatusCode;
if (respStatusCode >= 400) {
    console.log("Response Status Code = " + respStatusCode);
    console.log("Response Header:");
    console.log(rest.ResponseHeader);
    console.log("Response Body:");
    console.log(sbResponseBody.GetAsString());
    return;
}

// Success is indicated by a 204 response status with an empty response body.
console.log("response status code = " + respStatusCode);