Translations:Arbutus object storage/31/en: Difference between revisions

From Alliance Doc
Jump to navigation Jump to search
(Importing a new version from external source)
 
(Importing a new version from external source)
Line 1: Line 1:
= Bucket policies =
= Bucket policies =
{warning:title=ATTENTION:}
Be careful with policies because an ill-conceived policy can lock you out of your bucket.
{warning}
Currently Arbutus Object Storage only implements a subset of Amazon's specification for [[https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-iam-policies.html bucket polices]]. The following example shows how to create, apply, and view a bucket's policy. The first step is create a policy json file:</p>
Currently Arbutus Object Storage only implements a subset of Amazon's specification for [[https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-iam-policies.html bucket polices]]. The following example shows how to create, apply, and view a bucket's policy. The first step is create a policy json file:</p>
<pre>{
<pre>{
Line 24: Line 27:
}
}
</pre>
</pre>
<p>This example denies access except from the specified source IP addresses. In this example the s3://testbucket is limited to the public IP address range (206.12.0.0/16) used by the Arbutus Cloud and the public IP address range (142.104.0.0/16) used by the University of Victoria.</p>
<p>This example denies access except from the specified source IP address ranges in Classless Inter-Domain Routing (CIDR) notation. In this example the s3://testbucket is limited to the public IP address range (206.12.0.0/16) used by the Arbutus Cloud and the public IP address range (142.104.0.0/16) used by the University of Victoria.</p>

Revision as of 20:30, 25 January 2023

Information about message (contribute)
This message has no documentation. If you know where or how this message is used, you can help other translators by adding documentation to this message.
Message definition (Arbutus object storage)
=== Managing data container (bucket) policies for your Arbutus Object Store ===
<br>
{{Warning|title=Attention|content=Be careful with policies because an ill-conceived policy can lock you out of your data container.}}

Bucket policies

{warning:title=ATTENTION:} Be careful with policies because an ill-conceived policy can lock you out of your bucket. {warning}

Currently Arbutus Object Storage only implements a subset of Amazon's specification for [bucket polices]. The following example shows how to create, apply, and view a bucket's policy. The first step is create a policy json file:

{
    "Version": "2012-10-17",
    "Id": "S3PolicyId1",
    "Statement": [
        {
            "Sid": "IPAllow",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::testbucket",
                "arn:aws:s3:::testbucket/*"
            ],
            "Condition": {
                "NotIpAddress": {
                    "aws:SourceIp": "206.12.0.0/16"
                    "aws:SourceIp": "142.104.0.0/16"
                }
            }
        }
    ]
}

This example denies access except from the specified source IP address ranges in Classless Inter-Domain Routing (CIDR) notation. In this example the s3://testbucket is limited to the public IP address range (206.12.0.0/16) used by the Arbutus Cloud and the public IP address range (142.104.0.0/16) used by the University of Victoria.

Retrieved from "https://docs.alliancecan.ca/mediawiki/index.php?title=Translations:Arbutus_object_storage/31/en&oldid=126973"