Menu
AWS SDK for C++
Developer Guide

Managing Access to Amazon S3 Buckets Using Bucket Policies

You can set, get, or delete a bucket policy to manage access to your Amazon S3 buckets.

Note

These code snippets assume that you understand the material in Getting Started Using the AWS SDK for C++ and have configured default AWS credentials using the information in Providing AWS Credentials.

Set a Bucket Policy

You can set the bucket policy for a particular S3 bucket by calling the S3Client's PutBucketPolicy function and providing it with the bucket name and policy's JSON representation in a PutBucketPolicyRequest.

Includes

Copy
#include <cstdio> #include <aws/core/Aws.h> #include <aws/s3/S3Client.h> #include <aws/s3/model/PutBucketPolicyRequest.h>

Code

Copy
Aws::Client::ClientConfiguration config; config.region = user_region; Aws::S3::S3Client s3_client(config); auto request_body = Aws::MakeShared<Aws::StringStream>(""); st_body << policy_string; Aws::S3::Model::PutBucketPolicyRequest request; request.SetBucket(bucket_name); request.SetBody(request_body); auto outcome = s3_client.PutBucketPolicy(request); if (outcome.IsSuccess()) { std::cout << "Done!" << std::endl; } else { std::cout << "SetBucketPolicy error: " << outcome.GetError().GetExceptionName() << std::endl << outcome.GetError().GetMessage() << std::endl; }

Note

The Aws::Utils::Json::JsonValue utility class can be used to help you construct valid JSON objects to pass to PutBucketPolicy.

See the complete example.

Get a Bucket Policy

To retrieve the policy for an Amazon S3 bucket, call the S3Client's GetBucketPolicy function, passing it the name of the bucket in a GetBucketPolicyRequest.

Includes

Copy
#include <aws/core/Aws.h> #include <aws/s3/S3Client.h> #include <aws/s3/model/GetBucketPolicyRequest.h>

Code

Copy
Aws::Client::ClientConfiguration config; config.region = user_region; Aws::S3::S3Client s3_client(config); Aws::S3::Model::GetBucketPolicyRequest request; request.SetBucket(bucket_name); auto outcome = s3_client.GetBucketPolicy(request); if (outcome.IsSuccess()) { Aws::StringStream policyStream; Aws::String line; while (outcome.GetResult().GetPolicy()) { outcome.GetResult().GetPolicy() >> line; policyStream << line; } std::cout << "Policy: " << std::endl << policyStream.str() << std::endl; } else { std::cout << "GetBucketPolicy error: " << outcome.GetError().GetExceptionName() << std::endl << outcome.GetError().GetMessage() << std::endl; }

See the complete example.

Delete a Bucket Policy

To delete a bucket policy, call the S3Client's DeleteBucketPolicy function, providing it with the bucket name in a DeleteBucketPolicyRequest.

Includes

Copy
#include <aws/core/Aws.h> #include <aws/s3/S3Client.h> #include <aws/s3/model/DeleteBucketPolicyRequest.h>

Code

Copy
Aws::S3::S3Client s3_client(config); Aws::S3::Model::DeleteBucketPolicyRequest request; request.SetBucket(bucket_name); auto outcome = s3_client.DeleteBucketPolicy(request); if (outcome.IsSuccess()) { std::cout << "Done!" << std::endl; } else { std::cout << "DeleteBucketPolicy error: " << outcome.GetError().GetExceptionName() << " - " << outcome.GetError().GetMessage() << std::endl; }

This function succeeds even if the bucket doesn't already have a policy. If you specify a bucket name that doesn't exist or if you don't have access to the bucket, an AmazonServiceException is thrown.

See the complete example.

More Info