A bucket policy defines access control over resources (buckets and objects) in OBS.
The size of a bucket policy cannot exceed 20 KB.
Table 1 describes the parameters of bucket policies. All fields except the Effect field are optional.
Parameter | Description | Mandatory or Not |
---|---|---|
Version | The value can be 2008-10-17. | Optional |
Id | The ID of the bucket policy. The value must be unique. | Optional |
Statement | The description of the bucket policy. The statement defines complete permission control. Each bucket policy can have multiple statements, and each statement contains the following parameters: | Mandatory |
Effect | Effect of the bucket policy. The statement can be set to accept or reject requests. Possible values are Allow and Deny. | Mandatory |
Sid | The statement ID. | Optional |
Principal/NotPrincipal | Users on whom the bucket policy statement takes effect. Either Principal or NotPrincipal must be selected to specify the user on whom the bucket policy statement takes effect or does not take effect. | Mandatory |
Action/NotAction | OBS actions which the bucket policy is applied to. Either Action or NotAction must be selected to specify whether the bucket policy applies to the OBS actions. | Mandatory |
Resource/NotResource | Objects on which the bucket policy statement takes effect. Either Resource or NotResource must be selected to specify whether the bucket policy applies to the OBS resources. | Mandatory |
Condition | The conditions under which the bucket policy takes effect. | Optional |
```json
{
  "Version": "2008-10-17",
  "Id": "Policy1527928945090",
  "Statement": [
    {
      "Sid": "Stmt1527929149040",
      "Effect": "Deny",
      "Principal": {
        "AWS": [
          "*"
        ]
      },
      "Action": [
        "s3:Put*"
      ],
      "Resource": [
        "arn:aws:s3:::bucket-example/*"
      ]
    }
  ]
}
```
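A pre-upload check for the rules in Table 1 and the 20 KB limit, as an added example that is not part of the OBS documentation or tooling. The function name `lint_bucket_policy` is hypothetical, and the code assumes that "20 KB" means 20 * 1024 bytes of UTF-8 text, that `Statement` is a JSON list as in the example policy, and that "either ... must be selected" means exactly one key of each pair.

```python
import json

MAX_POLICY_BYTES = 20 * 1024  # assumption: "20 KB" means 20 * 1024 bytes of UTF-8 text
PAIRS = [("Principal", "NotPrincipal"), ("Action", "NotAction"),
         ("Resource", "NotResource")]

def lint_bucket_policy(policy_text):
    """Return a list of findings; an empty list means the Table 1 rules hold."""
    findings = []
    if len(policy_text.encode("utf-8")) > MAX_POLICY_BYTES:
        findings.append("policy exceeds 20 KB")
    try:
        policy = json.loads(policy_text)
    except json.JSONDecodeError as exc:
        return findings + [f"not valid JSON: {exc.msg}"]
    statements = policy.get("Statement") if isinstance(policy, dict) else None
    # Assumption: Statement is a list, as in the page's example policy.
    if not isinstance(statements, list) or not statements:
        return findings + ["Statement is mandatory and must be a non-empty list"]
    for index, stmt in enumerate(statements):
        if not isinstance(stmt, dict):
            findings.append(f"#{index}: statement must be a JSON object")
            continue
        label = stmt.get("Sid", f"#{index}")  # Sid is optional; fall back to position
        if stmt.get("Effect") not in ("Allow", "Deny"):
            findings.append(f"{label}: Effect must be Allow or Deny")
        for positive, negative in PAIRS:
            if (positive in stmt) == (negative in stmt):  # both present or both absent
                findings.append(
                    f"{label}: exactly one of {positive}/{negative} required")
    return findings

# The page's example policy, followed by a constructed policy with three defects:
# lowercase Effect, both Principal and NotPrincipal, and no Resource/NotResource.
PAGE_POLICY = json.dumps({"Version": "2008-10-17", "Id": "Policy1527928945090",
    "Statement": [{"Sid": "Stmt1527929149040", "Effect": "Deny",
                   "Principal": {"AWS": ["*"]}, "Action": ["s3:Put*"],
                   "Resource": ["arn:aws:s3:::bucket-example/*"]}]})
BAD_POLICY = json.dumps({"Statement": [{"Sid": "S1", "Effect": "allow",
    "Principal": {"AWS": ["*"]}, "NotPrincipal": {"AWS": ["*"]},
    "Action": ["s3:Get*"]}]})

if __name__ == "__main__":
    for name, text in (("page", PAGE_POLICY), ("bad", BAD_POLICY)):
        print(name, lint_bucket_policy(text) or "OK")
```
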