AWS SDK for C++
Developer Guide

Managing Access to Amazon S3 Buckets Using Bucket Policies

You can set, get, or delete a bucket policy to manage access to your Amazon S3 buckets.

Note

These code snippets assume that you understand the material in Getting Started Using the AWS SDK for C++ and have configured default AWS credentials using the information in Providing AWS Credentials.

Set a Bucket Policy

You can set the bucket policy for a particular S3 bucket by calling the S3Client's PutBucketPolicy function and providing it with the bucket name and policy's JSON representation in a PutBucketPolicyRequest.

Includes

CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. */ #include <cstdio>

Code

<< "----" << std::endl << "On S3 bucket: " << bucket_name << std::endl; Aws::Client::ClientConfiguration config; config.region = user_region; Aws::S3::S3Client s3_client(config); auto request_body = Aws::MakeShared<Aws::StringStream>(""); st_body << policy_string; Aws::S3::Model::PutBucketPolicyRequest request; request.SetBucket(bucket_name); request.SetBody(request_body); auto outcome = s3_client.PutBucketPolicy(request); if (outcome.IsSuccess()) { std::cout << "Done!" << std::endl; } else { std::cout << "SetBucketPolicy error: "

Note

The Aws::Utils::Json::JsonValue utility class can be used to help you construct valid JSON objects to pass to PutBucketPolicy.

See the complete example.

Get a Bucket Policy

To retrieve the policy for an Amazon S3 bucket, call the S3Client's GetBucketPolicy function, passing it the name of the bucket in a GetBucketPolicyRequest.

Includes

CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. */

Code

const Aws::String user_region = (argc == 3) ? argv[2] : "us-east-1"; std::cout << "Getting policy for bucket: " << bucket_name << std::endl; Aws::Client::ClientConfiguration config; config.region = user_region; Aws::S3::S3Client s3_client(config); Aws::S3::Model::GetBucketPolicyRequest request; request.SetBucket(bucket_name); auto outcome = s3_client.GetBucketPolicy(request); if (outcome.IsSuccess()) { Aws::StringStream policyStream; Aws::String line; while (outcome.GetResult().GetPolicy()) { outcome.GetResult().GetPolicy() >> line; policyStream << line; } std::cout << "Policy: " << std::endl << policyStream.str() << std::endl; } else { std::cout << "GetBucketPolicy error: " <<

See the complete example.

Delete a Bucket Policy

To delete a bucket policy, call the S3Client's DeleteBucketPolicy function, providing it with the bucket name in a DeleteBucketPolicyRequest.

Includes

CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. */

Code

Aws::Client::ClientConfiguration config; config.region = user_region; Aws::S3::S3Client s3_client(config); Aws::S3::Model::DeleteBucketPolicyRequest request; request.SetBucket(bucket_name); auto outcome = s3_client.DeleteBucketPolicy(request); if (outcome.IsSuccess()) { std::cout << "Done!" << std::endl; } else { std::cout << "DeleteBucketPolicy error: "

This function succeeds even if the bucket doesn't already have a policy. If you specify a bucket name that doesn't exist or if you don't have access to the bucket, an AmazonServiceException is thrown.

See the complete example.

More Info