Cloud Object Storage
- Release Notes and Announcements
- Announcements
- Product Introduction
- Purchase Guide
- Billing Method
- Billable Items
- Metadata Acceleration Fees
- Data Processing Fees
- Getting Started
- Console Guide
- Bucket Management
- Domain Name Management
- Object Management
- Folder Management
- Monitoring Reports
- Data Processing
- Image Processing
- File Processing
- Media Processing
- Function Service
- Content Moderation
- Automatic Moderation
- Historical data moderation
- Data Processing Workflow
- User Tools
- COSBrowser
- COSCLI (Beta)
- Common Commands
- Online Auxiliary Tools
- Practical Tutorial
- Access Control and Permission Management
- Performance Optimization
- Data Migration
- Data Disaster Recovery and Backup
- Domain Name Management Practice
- Image Processing
- Audio/Video Practices
- Direct Data Upload
- Content Moderation
- Data Verification
- Big Data Practice
- Using COS in the Third-party Applications
- Developer Guide
- Creating Request
- Object
- Uploading Object
- Downloading Object
- Copying Objects
- Deleting Objects
- Data Management
- Lifecycle Management
- Data Disaster Recovery
- Versioning
- Using Versioning
- Cross-Bucket Replication
- Data Security
- Cloud Access Management
- Access Permission Configuration Description
- Access Control Overview
- Access Control Methods
- Access Policy Language
- Using CDN to Accelerate Access
- Batch Operation
- Performing Batch Operation
- Global Acceleration
- Data Workflow
- Data Lake Storage
- Cloud Native Datalake Storage
- Metadata Accelerator
- Big Data Security
- GooseFS
- Key Features
- Deployment Guide
- OPS Guide
- Logging Guide
- Data Processing
- Image Processing
- Media Processing
- Troubleshooting
- Resource Access Error
- API Documentation
- Service APIs
- Bucket APIs
- Basic Operations
- Access Control List (acl)
- Cross-Origin Resource Sharing (cors)
- Bucket Policy (policy)
- Hotlink Protection (referer)
- Static Website (website)
- Intelligent Tiering
- Bucket inventory(inventory)
- Cross-Bucket Replication(replication)
- Log Management(logging)
- Global Acceleration (Accelerate)
- Bucket Encryption (encryption)
- Custom Domain Name (Domain)
- Origin-Pull (Origin)
- Object APIs
- Basic Operations
- Access Control List (acl)
- Multipart Upload
- Batch Operation APIs
- Data Processing APIs
- Image Processing
- Basic Image Processing
- AI-Based Content Recognition
- Queue APIs
- Service Configuration
- Media Processing
- Media Screenshot API
- Media Information API
- Private M3U8 API
- File Processing
- File Transcoding
- Async Processing Job APIs
- Async Processing Queue APIs
- File Processing
- Hash Calculation
- File Decompression
- Multi-File Zipping
- Job and Workflow
- Workflow APIs
- Workflow Instance
- Job APIs
- Media Processing
- Canceling Media Processing Job
- Querying Media Processing Job
- Media Processing Job Callback
- Image Processing
- Submit Image Processing Job
- Canceling Image Processing Job
- Querying Image Processing Job
- Multi-Job Processing
- Submitting Multiple Jobs
- AI-Based Content Recognition
- Submitting Content Recognition Job
- Querying Content Recognition Job
- Content Recognition Job Callback
- Sync Media Processing
- Media Screenshot API
- Template APIs
- Media Processing
- Creating Media Processing Template
- Deleting Media Processing Template
- Querying Media Processing Template
- Updating Media Processing Template
- AI-Based Content Recognition
- Creating AI-Based Content Recognition Template
- Querying AI-Based Content Recognition Template
- Updating AI-Based Content Recognition Template
- Batch Job APIs
- Callback Content
- Appendix
- Content Moderation APIs
- Image Moderation
- Video Moderation
- Audio Moderation
- Text Moderation
- Submitting Virus Detection Job
- SDK Documentation
- Android SDK
- Object Operations
- Remote Disaster Recovery
- Cloud Access Management
- Data Verification
- Image Processing
- C SDK
- Object Operations
- Data Management
- Cloud Access Management
- Content Moderation
- Data Verification
- C++ SDK
- Cross-Region Disaster Recovery
- Data Management
- Cloud Access Management
- Data Verification
- Content Moderation
- .NET(C#) SDK
- Bucket Operations
- Object Operations
- Cross-Region Disaster Recovery
- Cloud Access Management
- Image Processing
- SDK for Flutter
- Object Operations
- Go SDK
- Bucket Operations
- Object Operations
- Cross-Region Disaster Recovery
- Cloud Access Management
- Data Verification
- File Processing
- Image Processing
- iOS SDK
- Object Operations
- Cross-region Disaster Recovery
- Cloud Access Management
- Image Processing
- Content Recognition
- Speech Recognition
- Java SDK
- Object Operations
- Cross-Region Disaster Recovery
- Cloud Access Management
- File Processing
- Media Processing
- AI-Based Content Recognition
- JavaScript SDK
- Object Operations
- File Processing
- Remote disaster-tolerant
- Data Management
- Cloud Access Management
- Data Verification
- Image Processing
- Node.js SDK
- Object Operations
- Remote disaster-tolerant
- Cloud Access Management
- Data Verification
- Image Processing
- PHP SDK
- Object Operations
- Bucket Operations
- Remote disaster-tolerant
- Cloud Access Management
- Image Processing
- Media Processing
- Document Processing
- File Processing
- Job APIs
- Template APIs
- Python SDK
- Object Operations
- Server-Side Encryption
- Cross-Region Disaster Recovery
- Cloud Access Management
- Content Recognition
- React Native SDK
- Object Operations
- Mini Program SDK
- Object Operations
- Remote disaster-tolerant
- Cloud Access Management
- Data Verification
- Content Moderation
- Image Processing
- FAQs
- Bucket Configuration
- Domain Names and CDN
- Object Operations
- Data Processing
- Related Agreements
- Appendices
- Historical version
Bucket policy
Last updated: 2024-02-04 16:24:44
Overview
This document provides an overview of APIs and SDK code samples related to bucket policies.
API | Operation | Description |
Setting a bucket policy | Sets a permission policy for the specified bucket | |
Querying bucket policy | Queries the permission policy of the specified bucket | |
Deleting bucket policies | Deletes the permission policies of a specified bucket |
Setting a bucket policy
Feature description
This API is used to set an access policy on a bucket.
Method prototype
put_bucket_policy(Bucket, Policy, **kwargs)
Request example
# -*- coding=utf-8from qcloud_cos import CosConfigfrom qcloud_cos import CosS3Clientimport sysimport osimport logging# In most cases, set the log level to INFO. If you need to debug, you can set it to DEBUG and the SDK will print information about the communication with the server.logging.basicConfig(level=logging.INFO, stream=sys.stdout)# 1. Set user attributes such as secret_id, secret_key, and region. Appid has been removed from CosConfig and thus needs to be specified in Bucket, which is formatted as BucketName-Appid.secret_id = os.environ['COS_SECRET_ID'] # User `SecretId`. We recommend you use a sub-account key and follow the principle of least privilege to reduce risks. For information about how to obtain a sub-account key, visit https://cloud.tencent.com/document/product/598/37140.secret_key = os.environ['COS_SECRET_KEY'] # User `SecretKey`. We recommend you use a sub-account key and follow the principle of least privilege to reduce risks. For information about how to obtain a sub-account key, visit https://cloud.tencent.com/document/product/598/37140.region = 'ap-beijing' # Replace it with the actual region, which can be viewed in the console at https://console.cloud.tencent.com/cos5/bucket.# For the list of regions supported by COS, see https://cloud.tencent.com/document/product/436/6224.token = None # Token is required for temporary keys but not permanent keys. For more information about how to generate and use a temporary key, see https://cloud.tencent.com/document/product/436/14048.scheme = 'https' # Specify whether to use HTTP or HTTPS protocol to access COS. This field is optional and is `https` by default.config = CosConfig(Region=region, SecretId=secret_id, SecretKey=secret_key, Token=token, Scheme=scheme)client = CosS3Client(config)response = client.put_bucket_policy(Bucket='examplebucket-1250000000',Policy={"Statement":[{"Principal":{"qcs":["qcs::cam::uin/100000000001:uin/100000000011"]},"Effect": "allow","Action":["name/cos:GetBucket"],"Resource":["qcs::cos:ap-guangzhou:uid/1250000000:examplebucket-1250000000/*"],"condition":{"ip_equal":{"qcs:ip": "10.121.2.10/24"}}}],"version": "2.0"})
Field description
Parameter | Description | Type | Required |
Bucket | Bucket name in the format of BucketName-APPID | String | Yes |
Statement | Detailed information about one or more permissions | Struct | Yes |
Principal | Specifies the entity to which the permission is granted. For more information, see Access Policy Language Overview | Dict | Yes |
Effect | Allow or deny | String | Yes |
Action | COS API. You can specify one, several, or all ( *) COS APIs as needed, e.g. name/cos:GetService. Note that this value is case-sensitive. | List | Yes |
Resource | Specifies the resource for which permission is granted. It can be any resource, a resource in a path with a specified prefix, a resource in a specified absolute path, or a combination thereof. | List | Yes |
Condition | (Optional) Specifies the rule condition. For more information, see condition | List | No |
Response description
This API returns
None.Querying a bucket policy
Feature description
This API is used to query the access policy on a bucket.
Method prototype
get_bucket_policy(Bucket, **kwargs)
Request example
# -*- coding=utf-8from qcloud_cos import CosConfigfrom qcloud_cos import CosS3Clientimport sysimport osimport loggingimport json# In most cases, set the log level to INFO. If you need to debug, you can set it to DEBUG and the SDK will print information about the communication with the server.logging.basicConfig(level=logging.INFO, stream=sys.stdout)# 1. Set user attributes such as secret_id, secret_key, and region. Appid has been removed from CosConfig and thus needs to be specified in Bucket, which is formatted as BucketName-Appid.secret_id = os.environ['COS_SECRET_ID'] # User `SecretId`. We recommend you use a sub-account key and follow the principle of least privilege to reduce risks. For information about how to obtain a sub-account key, visit https://cloud.tencent.com/document/product/598/37140.secret_key = os.environ['COS_SECRET_KEY'] # User `SecretKey`. We recommend you use a sub-account key and follow the principle of least privilege to reduce risks. For information about how to obtain a sub-account key, visit https://cloud.tencent.com/document/product/598/37140.region = 'ap-beijing' # Replace it with the actual region, which can be viewed in the console at https://console.cloud.tencent.com/cos5/bucket.# For the list of regions supported by COS, see https://cloud.tencent.com/document/product/436/6224.token = None # Token is required for temporary keys but not permanent keys. For more information about how to generate and use a temporary key, see https://cloud.tencent.com/document/product/436/14048.scheme = 'https' # Specify whether to use HTTP or HTTPS protocol to access COS. This field is optional and is `https` by default.config = CosConfig(Region=region, SecretId=secret_id, SecretKey=secret_key, Token=token, Scheme=scheme)client = CosS3Client(config)response = client.get_bucket_policy(Bucket='examplebucket-1250000000',)policy = json.loads(response['Policy'])
Field description
Parameter | Description | Type | Required |
Bucket | Bucket name in the format of BucketName-APPID | String | Yes |
Response description
This API returns the bucket permission policy of
dict type, which contains a key-value pair, where key is the 'Policy' string, and the value is a JSON string that represents the specific permission policy and can be converted to dict through json.loads().{"Statement":[{"Principal":{"qcs":["qcs::cam::uin/100000000001:uin/100000000011"]},"Effect": "allow","Action":["name/cos:GetBucket"],"Resource":["qcs::cos:ap-guangzhou:uid/1250000000:examplebucket-1250000000/*"],"condition":{"ip_equal":{"qcs:ip": "10.121.2.10/24"}}}],"version": "2.0"}
Parameter | Description | Type |
Statement | Specifies one or more permissions | List |
Principal | Specifies the entity to which the permission is granted. For more information, see Access Policy Language Overview | Dict |
version | The policy syntax version. The default is 2.0. | String |
Effect | Allow or explicitly deny | String |
Action | COS API. You can specify one, several, or all ( *) COS APIs as needed, e.g. name/cos:GetService. Note that this value is case-sensitive. | List |
Resource | Specifies the resource for which permission is granted. It can be any resource, a resource in a path with a specified prefix, a resource in a specified absolute path, or a combination thereof. | List |
Condition | (Optional) Specifies the rule condition. For more information, see condition | List |
Deleting a bucket policy
Feature description
This API is used to delete the access policy from a specified bucket.
Method prototype
delete_bucket_policy(Bucket, **kwargs)
Request example
# -*- coding=utf-8from qcloud_cos import CosConfigfrom qcloud_cos import CosS3Clientimport sysimport osimport logging# In most cases, set the log level to INFO. If you need to debug, you can set it to DEBUG and the SDK will print information about the communication with the server.logging.basicConfig(level=logging.INFO, stream=sys.stdout)# 1. Set user attributes such as secret_id, secret_key, and region. Appid has been removed from CosConfig and thus needs to be specified in Bucket, which is formatted as BucketName-Appid.secret_id = os.environ['COS_SECRET_ID'] # User `SecretId`. We recommend you use a sub-account key and follow the principle of least privilege to reduce risks. For information about how to obtain a sub-account key, visit https://cloud.tencent.com/document/product/598/37140.secret_key = os.environ['COS_SECRET_KEY'] # User `SecretKey`. We recommend you use a sub-account key and follow the principle of least privilege to reduce risks. For information about how to obtain a sub-account key, visit https://cloud.tencent.com/document/product/598/37140.region = 'ap-beijing' # Replace it with the actual region, which can be viewed in the console at https://console.cloud.tencent.com/cos5/bucket.# For the list of regions supported by COS, see https://cloud.tencent.com/document/product/436/6224.token = None # Token is required for temporary keys but not permanent keys. For more information about how to generate and use a temporary key, see https://cloud.tencent.com/document/product/436/14048.scheme = 'https' # Specify whether to use HTTP or HTTPS protocol to access COS. This field is optional and is `https` by default.config = CosConfig(Region=region, SecretId=secret_id, SecretKey=secret_key, Token=token, Scheme=scheme)client = CosS3Client(config)response = client.delete_bucket_policy(Bucket='examplebucket-1250000000',)
Field description
Parameter | Description | Type | Required |
Bucket | Bucket name in the format of BucketName-APPID | String | Yes |
Response description
This API returns
None.Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No