Translations:Arbutus object storage/34/en
Jump to navigation
Jump to search
Currently, Arbutus Object Storage only implements a subset of Amazon's specification for [data container polices]. The following example shows how to create, apply, and view a policy. The first step is create a policy json file:
{ "Version": "2012-10-17", "Id": "S3PolicyId1", "Statement": [ { "Sid": "IPAllow", "Effect": "Deny", "Principal": "*", "Action": "s3:*", "Resource": [ "arn:aws:s3:::testbucket", "arn:aws:s3:::testbucket/*" ], "Condition": { "NotIpAddress": { "aws:SourceIp": "206.12.0.0/16" "aws:SourceIp": "142.104.0.0/16" } } } ] }
This example denies access except from the specified source IP address ranges in Classless Inter-Domain Routing (CIDR) notation. In this example the s3://testbucket is limited to the public IP address range (206.12.0.0/16) used by the Arbutus cloud and the public IP address range (142.104.0.0/16) used by the University of Victoria.