Translations:Arbutus object storage/31/en

From Alliance Doc
Revision as of 20:30, 25 January 2023 by FuzzyBot (talk | contribs) (Importing a new version from external source)
Jump to navigation Jump to search

Bucket policies

{warning:title=ATTENTION:} Be careful with policies because an ill-conceived policy can lock you out of your bucket. {warning}

Currently Arbutus Object Storage only implements a subset of Amazon's specification for [bucket polices]. The following example shows how to create, apply, and view a bucket's policy. The first step is create a policy json file:

{
    "Version": "2012-10-17",
    "Id": "S3PolicyId1",
    "Statement": [
        {
            "Sid": "IPAllow",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::testbucket",
                "arn:aws:s3:::testbucket/*"
            ],
            "Condition": {
                "NotIpAddress": {
                    "aws:SourceIp": "206.12.0.0/16"
                    "aws:SourceIp": "142.104.0.0/16"
                }
            }
        }
    ]
}

This example denies access except from the specified source IP address ranges in Classless Inter-Domain Routing (CIDR) notation. In this example the s3://testbucket is limited to the public IP address range (206.12.0.0/16) used by the Arbutus Cloud and the public IP address range (142.104.0.0/16) used by the University of Victoria.

Retrieved from "https://docs.alliancecan.ca/mediawiki/index.php?title=Translations:Arbutus_object_storage/31/en&oldid=126973"