tencent cloud

PrevNext

Feedback

search by keyword

Recent Pages

Documentation
Cloud Object Storage
    Documentation
    Download PDF

    Bucket Policy

    Last updated: 2024-02-02 17:35:19
    Download PDF

      Overview

      This document provides an overview of APIs and SDK code samples related to bucket policies.
      API
      Operation
      Description
      Setting a bucket policy
      Sets a permission policy for a specified bucket
      Querying a bucket policy
      Queries the permission policy of a specified bucket
      Deleting a bucket policy
      Deletes the permission policy of a specified bucket

      Setting a bucket policy

      Feature description

      This API is used to set permission policies for a specified bucket.

      Sample request

      cos.putBucketPolicy({
          Bucket: 'examplebucket-1250000000', /*Required*/
          Region: 'COS_REGION',     /* Bucket region. Required */
          Policy: {
              "version": "2.0",
              "Statement": [{
                  "Effect": "allow",
                  "Principal": {
                      "qcs": ["qcs::cam::uin/100000000001:uin/100000000001"]
                  },
                  "Action": [
                      "name/cos:PutObject",
                      "name/cos:InitiateMultipartUpload",
                      "name/cos:ListMultipartUploads",
                      "name/cos:ListParts",
                      "name/cos:UploadPart",
                      "name/cos:CompleteMultipartUpload"
                  ],
                  "Resource": ["qcs::cos:ap-guangzhou:uid/1250000000:examplebucket-1250000000/*"],
              }]
          },
      }, function(err, data) {
          console.log(err || data);
      });

      Parameter description

      Parameter Name
      Description
      Type
      Required
      Bucket
      Bucket for which the bucket policy is configured in the format: BucketName-APPID
      String
      Yes
      Region
      Bucket region. For the enumerated values, see Regions and Access Domain Names
      String
      Yes
      Policy
      Permission policy. For more information, see Cloud Access Management Practices > Policy Syntax
      Object
      Yes
      - version
      Version number, fixed as 2.0
      String
      Yes
      - statement
      List of permission policy statements
      ObjectArray
      Yes
      - - effect
      Effect; enumerated values: allow, deny
      String
      Yes
      - - principal
      Identity information
      ObjectArray
      Yes
      - - - qcs
      ID string
      Format: qcs::cam::uin/100000000001:uin/100000000011
      Here, 100000000001 is a root account, while 100000000011 is a sub-account
      String
      Yes
      - - action
      List of related actions subject to the policy. Wildcard * is supported
      StringArray
      Yes
      - - resource
      List of resource identification strings.
      Format: qcs::cos:<Region>:uid/<AppId>:<ShortBucketName>/*.
      Example: qcs::cos:ap-beijing:uid/1250000000:examplebucket/*
      StringArray
      Yes
      - - condition
      Constraints, can be left blank. For details, see Condition
      String
      No

      Callback function description

      function(err, data) { ... }
      Parameter Name
      Description
      Type
      err
      Object returned when an error (network error or service error) occurs. If the request is successful, this is null. For more information, see Error Codes
      Object
      - statusCode
      HTTP status code returned by the request, such as 200, 403, and 404
      Number
      - headers
      Headers returned by the request
      Object
      data
      Data returned when the request is successful. If the request fails, this is null
      Object
      - statusCode
      HTTP status code returned by the request, such as 200, 403, and 404
      Number
      - headers
      Headers returned by the request
      Object

      Querying a bucket policy

      Feature description

      This API is used to query the permission policies of a specified bucket.

      Sample request

      cos.getBucketPolicy({
          Bucket: 'examplebucket-1250000000', /*Required*/
          Region: 'COS_REGION',     /* Bucket region. Required */
      }, function(err, data) {
          console.log(err || data);
      });

      Sample response

      {
          "Policy": {
              "version": "2.0",
              "Statement": [{
                  "Action": [
                      "name/cos:PutObject",
                      "name/cos:InitiateMultipartUpload",
                      "name/cos:ListMultipartUploads",
                      "name/cos:ListParts",
                      "name/cos:UploadPart",
                      "name/cos:CompleteMultipartUpload"
                  ],
                  "Effect": "allow",
                  "Principal": {
                      "qcs": ["qcs::cam::uin/100000000001:uin/100000000001"]
                  },
                  "Resource": ["qcs::cos:ap-beijing:uid/1250000000:examplebucket-1250000000/*"],
                  "Sid": "costs-1539833197000000307620-46518-39"
              }]
          },
          "statusCode": 200,
          "headers": {}
      }

      Parameter description

      Parameter Name
      Description
      Type
      Required
      Bucket
      Bucket for which the bucket policy is queried in the format: BucketName-APPID
      String
      Yes
      Region
      Bucket region. For the enumerated values, see Regions and Access Domain Names
      String
      Yes

      Callback function description

      function(err, data) { ... }
      Parameter Name
      Description
      Type
      err
      Object returned when an error (network error or service error) occurs. If the request is successful, this is null. For more information, see Error Codes
      Object
      data
      Data returned when the request is successful. If the request fails, this is null
      Object
      - Policy
      Permission policy. For more information, see Cloud Access Management Practices > Policy Syntax
      Object
      - - version
      Version number, fixed as 2.0
      String
      - - statement
      List of permission policy statements
      ObjectArray
      - - - effect
      Effect; enumerated values: allow, deny
      String
      - - - principal
      Identity information
      ObjectArray
      - - - - qcs
      ID string.
      Format: qcs::cam::uin/100000000001:uin/100000000011.
      100000000001 is a root account, while 100000000011 is a sub-account
      String
      - - - action
      List of related actions subject to the policy. Wildcard * is supported
      StringArray
      - - - resource
      List of resource identification strings.
      Format: qcs::cos:<Region>:uid/<AppId>:<ShortBucketName>/*
      Example: qcs::cos:ap-beijing:uid/1250000000:examplebucket/*
      StringArray
      - - condition
      Constraints, can be left blank. For details, see Condition
      ObjectArray

      Deleting a bucket policy

      Feature description

      This API is used to delete the permission policy of a specified bucket.
      Only the Bucket owner is allowed to initiate this request. You will receive a "204 No Content" error if the permission policy does not exist.

      Sample request

      cos.deleteBucketPolicy({
          Bucket: 'examplebucket-1250000000', /*Required*/
          Region: 'COS_REGION',     /* Bucket region. Required */
      }, function(err, data) {
          console.log(err || data);
      });

      Parameter description

      Parameter Name
      Description
      Type
      Required
      Bucket
      Bucket for which the bucket policy is deleted in the format: BucketName-APPID
      String
      Yes
      Region
      Bucket region. For the enumerated values, see Regions and Access Domain Names
      String
      Yes

      Callback function description

      function(err, data) { ... }
      Parameter Name
      Description
      Type
      err
      Object returned when an error (network error or service error) occurs. If the request is successful, this is null. For more information, see Error Codes
      Object
      - statusCode
      HTTP status code returned by the request, such as 200, 403, and 404
      Number
      - headers
      Headers returned by the request
      Object
      data
      Data returned when the request is successful. If the request fails, this is null
      Object
      - statusCode
      HTTP status code returned by the request, such as 200, 403, and 404
      Number
      - headers
      Headers returned by the request
      Object
      
      Contact Us

      Contact our sales team or business advisors to help your business.

      Contact Us
      Technical Support

      Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

      Submit a Ticket
      7x24 Phone Support
      Copyright © 2013-2024 Tencent Cloud. All Rights Reserved.
      Privacy PolicyLegalCookie Policy