Bucket Policy
Last updated: 2024-02-04 11:37:32

Overview

This document provides an overview of APIs and SDK code samples related to bucket policies.
API
| Operation | Description |
| --- | --- |
| Setting a bucket policy | Sets a permission policy for a specified bucket |
| Querying a bucket policy | Queries the permission policy of a specified bucket |
| Deleting a bucket policy | Deletes the permission policy of a specified bucket |

Setting a bucket policy

Feature description

This API is used to set permission policies for a specified bucket.

Sample request

// `cos` is an already initialized COS SDK client instance.
cos.putBucketPolicy({
    Bucket: 'examplebucket-1250000000', /* Required */
    Region: 'COS_REGION', /* Bucket region. Required */
    Policy: {
        "version": "2.0",
        "Statement": [{
            "Effect": "allow",
            "Principal": {
                "qcs": ["qcs::cam::uin/100000000001:uin/100000000001"]
            },
            "Action": [
                "name/cos:PutObject",
                "name/cos:InitiateMultipartUpload",
                "name/cos:ListMultipartUploads",
                "name/cos:ListParts",
                "name/cos:UploadPart",
                "name/cos:CompleteMultipartUpload"
            ],
            "Resource": ["qcs::cos:ap-guangzhou:uid/1250000000:examplebucket-1250000000/*"],
        }]
    },
}, function(err, data) {
    // err is null on success; data is null on failure.
    console.log(err || data);
});

Parameter description

| Parameter Name | Description | Type | Required |
| --- | --- | --- | --- |
| Bucket | Bucket for which the bucket policy is configured in the format: BucketName-APPID | String | Yes |
| Region | Bucket region. For the enumerated values, see Regions and Access Domain Names | String | Yes |
| Policy | Permission policy. For more information, see Cloud Access Management Practices > Policy Syntax | Object | Yes |
| - version | Version number, fixed as 2.0 | String | Yes |
| - statement | List of permission policy statements | ObjectArray | Yes |
| - - effect | Effect; enumerated values: allow, deny | String | Yes |
| - - principal | Identity information | ObjectArray | Yes |
| - - - qcs | ID string. Format: qcs::cam::uin/100000000001:uin/100000000011. Here, 100000000001 is a root account, while 100000000011 is a sub-account | String | Yes |
| - - action | List of related actions subject to the policy. Wildcard * is supported | StringArray | Yes |
| - - resource | List of resource identification strings. Format: qcs::cos:<Region>:uid/<AppId>:<ShortBucketName>/* Example: qcs::cos:ap-beijing:uid/1250000000:examplebucket/* | StringArray | Yes |
| - - condition | Constraints; can be left blank. For details, see Element Reference. | String | No |

Callback function description

function(err, data) { ... }
| Parameter | Description | Type |
| --- | --- | --- |
| err | Object returned when an error (network error or service error) occurs. If the request is successful, this is null. For more information, see Error Codes. | Object |
| - statusCode | HTTP status code returned by the request, such as 200, 403, and 404 | Number |
| - headers | Header information returned by the request | Object |
| data | Data returned when the request is successful. If the request fails, this is null. | Object |
| - statusCode | HTTP status code returned by the request, such as 200, 403, and 404 | Number |
| - headers | Header information returned by the request | Object |

Querying a bucket policy

Feature description

This API is used to query the permission policies of a specified bucket.

Sample request

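// `cos` is an already initialized COS SDK client instance.
cos.getBucketPolicy({
    Bucket: 'examplebucket-1250000000', /* Required */
    Region: 'COS_REGION', /* Bucket region. Required */
}, function(err, data) {
    // On success, data.Policy holds the bucket's permission policy.
    console.log(err || data);
});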

Sample response

{
    "Policy": {
        "version": "2.0",
        "Statement": [{
            "Action": [
                "name/cos:PutObject",
                "name/cos:InitiateMultipartUpload",
                "name/cos:ListMultipartUploads",
                "name/cos:ListParts",
                "name/cos:UploadPart",
                "name/cos:CompleteMultipartUpload"
            ],
            "Effect": "allow",
            "Principal": {
                "qcs": ["qcs::cam::uin/100000000001:uin/100000000001"]
            },
            "Resource": ["qcs::cos:ap-beijing:uid/1250000000:examplebucket-1250000000/*"],
            "Sid": "costs-1539833197000000307620-46518-39"
        }]
    },
    "statusCode": 200,
    "headers": {}
}

Parameter description

| Parameter Name | Description | Type | Required |
| --- | --- | --- | --- |
| Bucket | Bucket for which the permission policy is queried in the format: BucketName-APPID | String | Yes |
| Region | Bucket region. For the enumerated values, see Regions and Access Domain Names | String | Yes |

Callback function description

function(err, data) { ... }
| Parameter Name | Description | Type |
| --- | --- | --- |
| err | Object returned when an error (network error or service error) occurs. If the request is successful, this is null. For more information, see Error Codes. | Object |
| data | Data returned when the request is successful. If the request fails, this is null. | Object |
| - Policy | Permission policy. For more information, see Cloud Access Management Practices > Policy Syntax | Object |
| - - version | Version number, fixed as 2.0 | String |
| - - statement | List of permission policy statements | ObjectArray |
| - - - effect | Effect; enumerated values: allow, deny | String |
| - - - principal | Identity information | ObjectArray |
| - - - - qcs | ID string. Format: qcs::cam::uin/100000000001:uin/100000000011. 100000000001 is a root account, while 100000000011 is a sub-account | String |
| - - - action | List of related actions subject to the policy. Wildcard * is supported | StringArray |
| - - - resource | List of resource identification strings. Format: qcs::cos:<Region>:uid/<AppId>:<ShortBucketName>/* Example: qcs::cos:ap-beijing:uid/1250000000:examplebucket/* | StringArray |
| - - - condition | Constraints; can be left blank. For details, see Condition. | ObjectArray |
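
The policy fields documented above can be checked mechanically, either before a policy is passed to putBucketPolicy or on the Policy object that getBucketPolicy returns. The following is an added example, not Tencent Cloud SDK code: lintBucketPolicy, field, asList and the two sample constants are hypothetical names, and the checks rely only on the formats stated in the parameter tables on this page.

```javascript
// Added example, not SDK code. Keys are matched case-insensitively because this page's
// samples use "Statement"/"Effect" while its parameter tables list "statement"/"effect".
function field(obj, name) {
  const key = Object.keys(obj || {}).find(k => k.toLowerCase() === name);
  return key === undefined ? undefined : obj[key];
}
const asList = v => (v === undefined ? [] : Array.isArray(v) ? v : [v]);
// Identifier formats as documented in the parameter tables on this page.
const PRINCIPAL_RE = /^qcs::cam::uin\/\d+:uin\/\d+$/;
const RESOURCE_RE = /^qcs::cos:[^:]+:uid\/(\d+):([^/]+)\/.*$/;

function lintBucketPolicy(policy, bucket) {
  const findings = [];
  const dash = bucket.lastIndexOf('-'); // bucket is BucketName-APPID
  const shortName = bucket.slice(0, dash), appId = bucket.slice(dash + 1);
  if (field(policy, 'version') !== '2.0') findings.push('version must be "2.0"');
  const statements = asList(field(policy, 'statement'));
  if (statements.length === 0) findings.push('policy has no statements');
  statements.forEach((st, i) => {
    const at = `statement[${i}]`;
    const effect = String(field(st, 'effect')).toLowerCase();
    if (effect !== 'allow' && effect !== 'deny') findings.push(`${at}: effect must be allow or deny`);
    const principals = asList(field(field(st, 'principal'), 'qcs'));
    if (principals.length === 0) findings.push(`${at}: no principal listed`);
    for (const p of principals)
      if (!PRINCIPAL_RE.test(p)) findings.push(`${at}: principal is not a root/sub-account uin pair: ${p}`);
    for (const a of asList(field(st, 'action')))
      if (effect === 'allow' && a.includes('*')) findings.push(`${at}: allow with wildcard action ${a}`);
    for (const r of asList(field(st, 'resource'))) {
      const m = RESOURCE_RE.exec(r);
      // The page writes the bucket segment both with and without the APPID suffix.
      if (!m) findings.push(`${at}: malformed resource ${r}`);
      else if (m[1] !== appId || (m[2] !== shortName && m[2] !== bucket))
        findings.push(`${at}: resource is outside ${bucket}: ${r}`);
    }
  });
  return findings;
}

// Constructed inputs: this page's sample response policy (actions trimmed) and a broad variant.
const SAMPLE_OK = { version: '2.0', Statement: [{ Effect: 'allow',
  Principal: { qcs: ['qcs::cam::uin/100000000001:uin/100000000001'] },
  Action: ['name/cos:PutObject', 'name/cos:UploadPart'],
  Resource: ['qcs::cos:ap-beijing:uid/1250000000:examplebucket-1250000000/*'] }] };
const SAMPLE_BROAD = { version: '2.0', statement: [{ effect: 'allow',
  principal: { qcs: ['qcs::cam::uin/100000000001:uin/100000000011'] },
  action: ['name/cos:*'],
  resource: ['qcs::cos:ap-beijing:uid/1250000000:otherbucket/*'] }] };
console.log(lintBucketPolicy(SAMPLE_BROAD, 'examplebucket-1250000000'));
```

An empty result means the policy stays within the documented formats, grants no wildcard action, and names only resources in the bucket it is attached to.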

Deleting a bucket policy

Feature description

This API is used to delete the permission policy of a specified bucket.
Only the bucket owner is allowed to initiate this request. You will receive a "204 No Content" error if the permission policy does not exist.

Sample request

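// `cos` is an already initialized COS SDK client instance.
cos.deleteBucketPolicy({
    Bucket: 'examplebucket-1250000000', /* Required */
    Region: 'COS_REGION', /* Bucket region. Required */
}, function(err, data) {
    // err is null on success; data is null on failure.
    console.log(err || data);
});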

Parameter description

| Parameter Name | Description | Type | Required |
| --- | --- | --- | --- |
| Bucket | Bucket for which the permission policy is deleted in the format: BucketName-APPID | String | Yes |
| Region | Bucket region. For the enumerated values, see Regions and Access Domain Names | String | Yes |

Callback function description

function(err, data) { ... }
| Parameter Name | Description | Type |
| --- | --- | --- |
| err | Object returned when an error (network error or service error) occurs. If the request is successful, this is null. For more information, see Error Codes. | Object |
| - statusCode | HTTP status code returned by the request, such as 200, 403, and 404 | Number |
| - headers | Header information returned by the request | Object |
| data | Data returned when the request is successful. If the request fails, this is null. | Object |
| - statusCode | HTTP status code returned by the request, such as 200, 403, and 404 | Number |
| - headers | Header information returned by the request | Object |
