Managing Access to Amazon S3 Buckets Using Bucket Policies - AWS SDK for C++

Managing Access to Amazon S3 Buckets Using Bucket Policies

You can set, get, or delete a bucket policy to manage access to your Amazon S3 buckets.

Note

These code snippets assume that you understand the material in Getting Started Using the AWS SDK for C++ and have configured default AWS credentials using the information in Providing AWS Credentials.

Set a Bucket Policy

You can set the bucket policy for a particular S3 bucket by calling the S3Client’s PutBucketPolicy function and providing it with the bucket name and policy’s JSON representation in a PutBucketPolicyRequest.

Includes

#include <iostream>
#include <aws/core/Aws.h>
#include <aws/s3/S3Client.h>
#include <aws/s3/model/PutBucketPolicyRequest.h>

Code

// Principal "*" with Effect "Allow" grants s3:GetObject on every object in
// the bucket to anyone, including anonymous requests.
const Aws::String policy_string =
    "{\n"
    "  \"Version\":\"2012-10-17\",\n"
    "  \"Statement\":[\n"
    "   {\n"
    "     \"Sid\": \"1\",\n"
    "     \"Effect\": \"Allow\",\n"
    "     \"Principal\": {\"AWS\":\"*\"},\n"
    "     \"Action\": [\"s3:GetObject\"],\n"
    "     \"Resource\": [\"arn:aws:s3:::" + bucket_name + "/*\"]\n"
    "   }]\n"
    "}";

// The request body is a stream; write the policy JSON into it.
auto request_body = Aws::MakeShared<Aws::StringStream>("");
*request_body << policy_string;

Aws::S3::Model::PutBucketPolicyRequest request;
request.SetBucket(bucket_name);
request.SetBody(request_body);

auto outcome = s3_client.PutBucketPolicy(request);

if (outcome.IsSuccess())
{
    std::cout << "Done!" << std::endl;
}
else
{
    std::cout << "SetBucketPolicy error: "
        << outcome.GetError().GetExceptionName() << std::endl
        << outcome.GetError().GetMessage() << std::endl;
}

Note

The Aws::Utils::Json::JsonValue utility class can be used to help you construct valid JSON objects to pass to PutBucketPolicy.

See the complete example.
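
The policy above names the wildcard principal and splices bucket_name directly into the JSON text. As an added example (not part of the SDK or of the original page), the standard-library-only helper below validates the bucket name, requires a specific IAM principal ARN, and builds the same s3:GetObject statement for that principal only. The function names, the restriction to ARNs in the "aws" partition, and the sample account ID and role name are assumptions made for illustration.

```cpp
#include <iostream>
#include <string>

// S3 general purpose bucket names: 3-63 characters from lowercase letters, digits,
// '.' and '-', starting and ending with a letter or digit. Keeps quotes out of the JSON.
bool IsValidBucketName(const std::string& name)
{
    auto alnum = [](char c) { return (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9'); };
    if (name.size() < 3 || name.size() > 63) return false;
    for (char c : name)
        if (!alnum(c) && c != '.' && c != '-') return false;
    return alnum(name.front()) && alnum(name.back());
}

// Assumption: principals are IAM ARNs in the standard "aws" partition,
// "arn:aws:iam::<12-digit account>:<resource>". The wildcard "*" is rejected.
bool IsIamPrincipalArn(const std::string& arn)
{
    const std::string prefix = "arn:aws:iam::";
    if (arn.compare(0, prefix.size(), prefix) != 0) return false;
    const std::size_t colon = prefix.size() + 12;
    if (arn.size() <= colon + 1 || arn[colon] != ':') return false;
    for (std::size_t i = prefix.size(); i < colon; ++i)
        if (arn[i] < '0' || arn[i] > '9') return false;
    for (std::size_t i = colon + 1; i < arn.size(); ++i) {
        const char c = arn[i];
        const bool ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9') ||
                        std::string("+=,.@_-/").find(c) != std::string::npos;
        if (!ok) return false;
    }
    return true;
}

// Returns the policy JSON, or an empty string if either input is rejected.
std::string BuildScopedReadPolicy(const std::string& bucket, const std::string& principalArn)
{
    if (!IsValidBucketName(bucket) || !IsIamPrincipalArn(principalArn)) return "";
    return "{\"Version\":\"2012-10-17\",\"Statement\":[{"
           "\"Sid\":\"ScopedRead\",\"Effect\":\"Allow\","
           "\"Principal\":{\"AWS\":\"" + principalArn + "\"},"
           "\"Action\":[\"s3:GetObject\"],"
           "\"Resource\":[\"arn:aws:s3:::" + bucket + "/*\"]}]}";
}

int main()
{
    // Constructed sample values; the account ID and role name are placeholders.
    std::cout << BuildScopedReadPolicy("my-bucket", "arn:aws:iam::111122223333:role/report-reader") << "\n";
}
```

The returned text can be written to the request body stream in place of policy_string; an empty result means the inputs were rejected and no request should be sent.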

Get a Bucket Policy

To retrieve the policy for an Amazon S3 bucket, call the S3Client’s GetBucketPolicy function, passing it the name of the bucket in a GetBucketPolicyRequest.

Includes

#include <iostream>
#include <aws/core/Aws.h>
#include <aws/s3/S3Client.h>
#include <aws/s3/model/GetBucketPolicyRequest.h>
#include <awsdoc/s3/s3_examples.h>

Code

bool AwsDoc::S3::GetBucketPolicy(const Aws::String& bucketName,
    const Aws::String& region)
{
    Aws::Client::ClientConfiguration config;
    config.region = region;

    Aws::S3::S3Client s3_client(config);

    Aws::S3::Model::GetBucketPolicyRequest request;
    request.SetBucket(bucketName);

    Aws::S3::Model::GetBucketPolicyOutcome outcome =
        s3_client.GetBucketPolicy(request);

    if (outcome.IsSuccess())
    {
        Aws::StringStream policy_stream;

        // Copy the whole response body; operator>> would stop at the
        // first whitespace character in the policy JSON.
        policy_stream << outcome.GetResult().GetPolicy().rdbuf();

        std::cout << "Policy:" << std::endl << std::endl <<
            policy_stream.str() << std::endl;

        return true;
    }
    else
    {
        auto err = outcome.GetError();
        std::cout << "Error: GetBucketPolicy: "
            << err.GetExceptionName() << ": " << err.GetMessage() << std::endl;

        return false;
    }
}

int main()
{
    Aws::String bucket_name = "my-bucket";
    Aws::String region = "us-east-1";

    Aws::SDKOptions options;
    Aws::InitAPI(options);
    {
        if (!AwsDoc::S3::GetBucketPolicy(bucket_name, region))
        {
            return 1;
        }
    }
    Aws::ShutdownAPI(options);

    return 0;
}

See the complete example.

Delete a Bucket Policy

To delete a bucket policy, call the S3Client’s DeleteBucketPolicy function, providing it with the bucket name in a DeleteBucketPolicyRequest.

Includes

#include <iostream>
#include <aws/core/Aws.h>
#include <aws/s3/S3Client.h>
#include <aws/s3/model/DeleteBucketPolicyRequest.h>
#include <awsdoc/s3/s3_examples.h>

Code

bool AwsDoc::S3::DeleteBucketPolicy(const Aws::String& bucketName)
{
    Aws::S3::S3Client s3_client;

    Aws::S3::Model::DeleteBucketPolicyRequest request;
    request.SetBucket(bucketName);

    Aws::S3::Model::DeleteBucketPolicyOutcome outcome =
        s3_client.DeleteBucketPolicy(request);

    // Report the service error and signal failure to the caller.
    if (!outcome.IsSuccess())
    {
        auto err = outcome.GetError();
        std::cout << "Error: DeleteBucketPolicy: " <<
            err.GetExceptionName() << ": " << err.GetMessage() << std::endl;

        return false;
    }

    return true;
}

int main()
{
    Aws::String bucket_name = "my-bucket";

    Aws::SDKOptions options;
    Aws::InitAPI(options);
    {
        if (AwsDoc::S3::DeleteBucketPolicy(bucket_name))
        {
            std::cout << "Deleted bucket policy from '" << bucket_name <<
                "'." << std::endl;
        }
        else
        {
            return 1;
        }
    }
    Aws::ShutdownAPI(options);

    return 0;
}

This function succeeds even if the bucket doesn’t already have a policy. If you specify a bucket name that doesn’t exist or if you don’t have access to the bucket, an AmazonServiceException is thrown.

See the complete example.
