Menu
AWS SDK for C++
Developer Guide

Managing Amazon S3 Access Permissions for Buckets and Objects

You can use access control lists (ACLs) for Amazon S3 buckets and objects for fine-grained control over your Amazon S3 resources.

Note

These code snippets assume that you understand the material in Getting Started Using the AWS SDK for C++ and have configured default AWS credentials using the information in Providing AWS Credentials.

Get the Access Control List for a Bucket

To get the ACL for an Amazon S3 bucket, call the S3Client's GetBucketAcl function with a GetBucketAclRequest, providing it with the bucket name.

Results are returned in an GetBucketAclResult that you can use to get the list of Grants by calling its GetGrants function.

Includes

Copy
#include <aws/core/Aws.h> #include <aws/s3/S3Client.h> #include <aws/s3/model/GetBucketAclRequest.h> #include <aws/s3/model/Permission.h> #include <aws/s3/model/Grant.h>

Code

Copy
Aws::Client::ClientConfiguration config; config.region = user_region; Aws::S3::S3Client s3_client(config); Aws::S3::Model::GetBucketAclRequest request; request.SetBucket(bucket_name); auto outcome = s3_client.GetBucketAcl(request); if (outcome.IsSuccess()) { Aws::Vector<Aws::S3::Model::Grant> grants = outcome.GetResult().GetGrants(); for (auto it = grants.begin(); it != grants.end(); it++) { Aws::S3::Model::Grant grant = *it; std::cout << grant.GetGrantee().GetDisplayName() << ": " << GetPermissionString(grant.GetPermission()) << std::endl; } } else { std::cout << "GetBucketAcl error: " << outcome.GetError().GetExceptionName() << " - " << outcome.GetError().GetMessage() << std::endl; }

See the complete example.

Set the Access Control List for a Bucket

To set the ACL for a bucket, call the S3Client's PutBucketAcl function, passing it a PutBucketAclRequest object with the bucket name and list of grantees and permissions within an AccessControlPolicy object.

Includes

Copy
#include <aws/core/Aws.h> #include <aws/s3/S3Client.h> #include <aws/s3/model/AccessControlPolicy.h> #include <aws/s3/model/GetBucketAclRequest.h> #include <aws/s3/model/PutBucketAclRequest.h> #include <aws/s3/model/Grantee.h> #include <aws/s3/model/Permission.h>

Code

Copy
Aws::Client::ClientConfiguration config; config.region = user_region; Aws::S3::S3Client s3_client(config); Aws::S3::Model::GetBucketAclRequest get_request; get_request.SetBucket(bucket_name); auto get_outcome = s3_client.GetBucketAcl(get_request); if (get_outcome.IsSuccess()) { Aws::S3::Model::Grantee grantee; grantee.SetEmailAddress(email); Aws::S3::Model::PutBucketAclRequest put_request; put_request.SetBucket(bucket_name); s3_client.PutBucketAcl(put_request); } else { std::cout << "GetBucketAcl error: " << get_outcome.GetError().GetExceptionName() << " - " << get_outcome.GetError().GetMessage() << std::endl; }

See the complete example.

Get the Access Control List for an Object

To get the ACL for an Amazon S3 object, call the S3Client's GetObjectAcl function with a GetObjectAclRequest, providing it with the bucket name and object key.

Results are returned in an GetObjectAclResult that you can use to get the list of Grants by calling its GetGrants function.

Includes

Copy
#include <aws/core/Aws.h> #include <aws/s3/S3Client.h> #include <aws/s3/model/GetObjectAclRequest.h> #include <aws/s3/model/Permission.h> #include <aws/s3/model/Grant.h>

Code

Copy
Aws::Client::ClientConfiguration config; config.region = user_region; Aws::S3::S3Client s3_client(config); Aws::S3::Model::GetObjectAclRequest request; request.SetBucket(bucket_name); request.SetKey(object_key); auto outcome = s3_client.GetObjectAcl(request); if (outcome.IsSuccess()) { Aws::Vector<Aws::S3::Model::Grant> grants = outcome.GetResult().GetGrants(); for (auto it = grants.begin(); it != grants.end(); it++) { Aws::S3::Model::Grant grant = *it; std::cout << grant.GetGrantee().GetDisplayName() << ": " << GetPermissionString(grant.GetPermission()) << std::endl; } } else { std::cout << "GetObjectAcl error: " << outcome.GetError().GetExceptionName() << " - " << outcome.GetError().GetMessage() << std::endl; }

See the complete example.

Set the Access Control List for an Object

To set the ACL for an object, call the S3Client's PutObjectAcl function, passing it a PutObjectAclRequest object with the object name and list of grantees and permissions within an AccessControlPolicy object.

Includes

Copy
#include <aws/core/Aws.h> #include <aws/s3/S3Client.h> #include <aws/s3/model/AccessControlPolicy.h> #include <aws/s3/model/GetObjectAclRequest.h> #include <aws/s3/model/PutObjectAclRequest.h> #include <aws/s3/model/Grantee.h> #include <aws/s3/model/Permission.h>

Code

Copy
Aws::Client::ClientConfiguration config; config.region = user_region; Aws::S3::S3Client s3_client(config); Aws::S3::Model::GetBucketAclRequest get_request; get_request.SetBucket(bucket_name); auto get_outcome = s3_client.GetBucketAcl(get_request); if (get_outcome.IsSuccess()) { Aws::S3::Model::Grantee grantee; grantee.SetEmailAddress(email); Aws::S3::Model::PutBucketAclRequest put_request; put_request.SetBucket(bucket_name); s3_client.PutBucketAcl(put_request); } else { std::cout << "GetBucketAcl error: " << get_outcome.GetError().GetExceptionName() << " - " << get_outcome.GetError().GetMessage() << std::endl; }

See the complete example.

More Information