AWS Code Sample
Catalog

get_put_bucket_acl.cpp

get_put_bucket_acl.cpp demonstrates how to retrieve and modify the access control list of an Amazon S3 bucket.

/* Copyright 2010-2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. This file is licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with the License. A copy of the License is located at http://aws.amazon.com/apache2.0/ This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. */ #include <aws/core/Aws.h> #include <aws/s3/S3Client.h> #include <aws/s3/model/AccessControlPolicy.h> #include <aws/s3/model/GetBucketAclRequest.h> #include <aws/s3/model/PutBucketAclRequest.h> #include <aws/s3/model/Grant.h> #include <aws/s3/model/Grantee.h> #include <aws/s3/model/Permission.h> Aws::S3::Model::Permission GetPermission(Aws::String access) { if (access == "FULL_CONTROL") return Aws::S3::Model::Permission::FULL_CONTROL; if (access == "WRITE") return Aws::S3::Model::Permission::WRITE; if (access == "READ") return Aws::S3::Model::Permission::READ; if (access == "WRITE_ACP") return Aws::S3::Model::Permission::WRITE_ACP; if (access == "READ_ACP") return Aws::S3::Model::Permission::READ_ACP; return Aws::S3::Model::Permission::NOT_SET; } void SetAclForBucket(Aws::String bucket_name, Aws::String grantee_id, Aws::String permission) { // Set up the get request Aws::S3::S3Client s3_client; Aws::S3::Model::GetBucketAclRequest get_request; get_request.SetBucket(bucket_name); // Get the current access control policy auto get_outcome = s3_client.GetBucketAcl(get_request); if (!get_outcome.IsSuccess()) { auto error = get_outcome.GetError(); std::cout << "Original GetBucketAcl error: " << error.GetExceptionName() << " - " << error.GetMessage() << std::endl; return; } // Reference the retrieved access control policy auto result = get_outcome.GetResult(); // Copy the result to an access control policy object (cannot typecast) Aws::S3::Model::AccessControlPolicy acp; acp.SetOwner(result.GetOwner()); acp.SetGrants(result.GetGrants()); // Define and add new grant Aws::S3::Model::Grant new_grant; Aws::S3::Model::Grantee new_grantee; new_grantee.SetID(grantee_id); new_grantee.SetType(Aws::S3::Model::Type::CanonicalUser); new_grant.SetGrantee(new_grantee); new_grant.SetPermission(GetPermission(permission)); acp.AddGrants(new_grant); // Set up the put request Aws::S3::Model::PutBucketAclRequest put_request; put_request.SetAccessControlPolicy(acp); put_request.SetBucket(bucket_name); // Set the new access control policy auto set_outcome = s3_client.PutBucketAcl(put_request); if (!set_outcome.IsSuccess()) { auto error = set_outcome.GetError(); std::cout << "PutBucketAcl error: " << error.GetExceptionName() << " - " << error.GetMessage() << std::endl; return; } // Verify the operation by retrieving the updated ACP get_outcome = s3_client.GetBucketAcl(get_request); if (!get_outcome.IsSuccess()) { auto error = get_outcome.GetError(); std::cout << "Updated GetBucketAcl error: " << error.GetExceptionName() << " - " << error.GetMessage() << std::endl; return; } result = get_outcome.GetResult(); // Output some settings of the updated ACP std::cout << "Updated Bucket ACL:\n"; auto grants = result.GetGrants(); for (auto & grant : grants) { auto grantee = grant.GetGrantee(); std::cout << " Grantee Display Name: " << grantee.GetDisplayName() << std::endl; std::cout << " Permission: "; auto perm = grant.GetPermission(); switch (perm) { case Aws::S3::Model::Permission::NOT_SET: std::cout << "NOT_SET\n"; break; case Aws::S3::Model::Permission::FULL_CONTROL: std::cout << "FULL_CONTROL\n"; break; case Aws::S3::Model::Permission::WRITE: std::cout << "WRITE\n"; break; case Aws::S3::Model::Permission::WRITE_ACP: std::cout << "WRITE_ACP\n"; break; case Aws::S3::Model::Permission::READ: std::cout << "READ\n"; break; case Aws::S3::Model::Permission::READ_ACP: std::cout << "READ_ACP\n"; break; default: std::cout << "UNKNOWN VALUE\n"; break; } } } /** * Exercise SetAclForBucket() */ int main(int argc, char** argv) { Aws::SDKOptions options; Aws::InitAPI(options); { // Assign these values before compiling the program const Aws::String bucket_name = "BUCKET_NAME"; const Aws::String grantee_id = "AWS_USER_CANONICAL_ID"; const Aws::String permission = "READ"; // Set the access control list for a bucket SetAclForBucket(bucket_name, grantee_id, permission); } Aws::ShutdownAPI(options); }

Sample Details

Service: s3

Author: AWS

Type: snippet

On this page: