文件範例儲存庫中有更多 AWS SDK可用的範例。 AWS SDK
本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
PutBucketPolicy 搭配 AWS SDK或 使用 CLI
下列程式碼範例示範如何使用 PutBucketPolicy。
- C++
-
- SDK 適用於 C++
-
注意
還有更多 。 GitHub尋找完整範例,並了解如何在 AWS 程式碼範例儲存庫
中設定和執行。 bool AwsDoc::S3::putBucketPolicy(const Aws::String &bucketName, const Aws::String &policyBody, const Aws::S3::S3ClientConfiguration &clientConfig) { Aws::S3::S3Client s3Client(clientConfig); std::shared_ptr<Aws::StringStream> request_body = Aws::MakeShared<Aws::StringStream>(""); *request_body << policyBody; Aws::S3::Model::PutBucketPolicyRequest request; request.SetBucket(bucketName); request.SetBody(request_body); Aws::S3::Model::PutBucketPolicyOutcome outcome = s3Client.PutBucketPolicy(request); if (!outcome.IsSuccess()) { std::cerr << "Error: putBucketPolicy: " << outcome.GetError().GetMessage() << std::endl; } else { std::cout << "Set the following policy body for the bucket '" << bucketName << "':" << std::endl << std::endl; std::cout << policyBody << std::endl; } return outcome.IsSuccess(); } //! Build a policy JSON string. /*! \param userArn: Aws user Amazon Resource Name (ARN). For more information, see https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns. \param bucketName: Name of a bucket. \return String: Policy as JSON string. */ Aws::String getPolicyString(const Aws::String &userArn, const Aws::String &bucketName) { return "{\n" " \"Version\":\"2012-10-17\",\n" " \"Statement\":[\n" " {\n" " \"Sid\": \"1\",\n" " \"Effect\": \"Allow\",\n" " \"Principal\": {\n" " \"AWS\": \"" + userArn + "\"\n"" },\n" " \"Action\": [ \"s3:getObject\" ],\n" " \"Resource\": [ \"arn:aws:s3:::" + bucketName + "/*\" ]\n" " }\n" " ]\n" "}"; }-
如需API詳細資訊,請參閱 參考 PutBucketPolicy中的 。 AWS SDK for C++ API
-
- CLI
-
- AWS CLI
-
此範例可讓所有使用者擷取 中的任何物件,MyBucket但 中的物件除外MySecretFolder。它還將
put和delete許可授予 AWS 帳戶的根使用者1234-5678-9012:aws s3api put-bucket-policy --bucketMyBucket--policyfile://policy.jsonpolicy.json:{"Statement":[{"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject", "Resource":"arn:aws:s3:::MyBucket/*"},{"Effect": "Deny", "Principal": "*", "Action": "s3:GetObject", "Resource":"arn:aws:s3:::MyBucket/MySecretFolder/*"},{"Effect": "Allow", "Principal":{"AWS":"arn:aws:iam::123456789012:root"},"Action":["s3:DeleteObject","s3:PutObject"],"Resource":"arn:aws:s3:::MyBucket/*"}]}-
如需API詳細資訊,請參閱 命令參考 PutBucketPolicy
中的 。 AWS CLI
-
- Java
-
- SDK 適用於 Java 2.x
-
注意
還有更多 。 GitHub尋找完整範例,並了解如何在 AWS 程式碼範例儲存庫
中設定和執行。 import software.amazon.awssdk.services.s3.S3Client; import software.amazon.awssdk.services.s3.model.PutBucketPolicyRequest; import software.amazon.awssdk.services.s3.model.S3Exception; import software.amazon.awssdk.regions.Region; import java.io.IOException; import java.nio.charset.StandardCharsets; import java.nio.file.Files; import java.nio.file.Paths; import java.util.List; import com.fasterxml.jackson.core.JsonParser; import com.fasterxml.jackson.databind.ObjectMapper; /** * Before running this Java V2 code example, set up your development * environment, including your credentials. * <p> * For more information, see the following documentation topic: * <p> * https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html */ public class SetBucketPolicy { public static void main(String[] args) { final String usage = """ Usage: <bucketName> <polFile> Where: bucketName - The Amazon S3 bucket to set the policy on. polFile - A JSON file containing the policy (see the Amazon S3 Readme for an example).\s """; if (args.length != 2) { System.out.println(usage); System.exit(1); } String bucketName = args[0]; String polFile = args[1]; String policyText = getBucketPolicyFromFile(polFile); Region region = Region.US_EAST_1; S3Client s3 = S3Client.builder() .region(region) .build(); setPolicy(s3, bucketName, policyText); s3.close(); } /** * Sets the policy for an Amazon S3 bucket. * * @param s3 the {@link S3Client} object used to interact with the Amazon S3 service * @param bucketName the name of the Amazon S3 bucket * @param policyText the text of the policy to be set on the bucket * @throws S3Exception if there is an error setting the bucket policy */ public static void setPolicy(S3Client s3, String bucketName, String policyText) { System.out.println("Setting policy:"); System.out.println("----"); System.out.println(policyText); System.out.println("----"); System.out.format("On Amazon S3 bucket: \"%s\"\n", bucketName); try { PutBucketPolicyRequest policyReq = PutBucketPolicyRequest.builder() .bucket(bucketName) .policy(policyText) .build(); s3.putBucketPolicy(policyReq); } catch (S3Exception e) { System.err.println(e.awsErrorDetails().errorMessage()); System.exit(1); } System.out.println("Done!"); } /** * Retrieves the bucket policy from a specified file. * * @param policyFile the path to the file containing the bucket policy * @return the content of the bucket policy file as a string */ public static String getBucketPolicyFromFile(String policyFile) { StringBuilder fileText = new StringBuilder(); try { List<String> lines = Files.readAllLines(Paths.get(policyFile), StandardCharsets.UTF_8); for (String line : lines) { fileText.append(line); } } catch (IOException e) { System.out.format("Problem reading file: \"%s\"", policyFile); System.out.println(e.getMessage()); } try { final JsonParser parser = new ObjectMapper().getFactory().createParser(fileText.toString()); while (parser.nextToken() != null) { } } catch (IOException jpe) { jpe.printStackTrace(); } return fileText.toString(); } }-
如需API詳細資訊,請參閱 參考 PutBucketPolicy中的 。 AWS SDK for Java 2.x API
-
- JavaScript
-
- SDK 適用於 JavaScript (v3)
-
注意
還有更多 。 GitHub尋找完整範例,並了解如何在 AWS 程式碼範例儲存庫
中設定和執行。 新增政策。
import { PutBucketPolicyCommand, S3Client, S3ServiceException, } from "@aws-sdk/client-s3"; /** * Grant an IAM role GetObject access to all of the objects * in the provided bucket. * @param {{ bucketName: string, iamRoleArn: string }} */ export const main = async ({ bucketName, iamRoleArn }) => { const client = new S3Client({}); const command = new PutBucketPolicyCommand({ // This is a resource-based policy. For more information on resource-based policies, // see https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_resource-based. Policy: JSON.stringify({ Version: "2012-10-17", Statement: [ { Effect: "Allow", Principal: { AWS: iamRoleArn, }, Action: "s3:GetObject", Resource: `arn:aws:s3:::${bucketName}/*`, }, ], }), // Apply the preceding policy to this bucket. Bucket: bucketName, }); try { await client.send(command); console.log( `GetObject access to the bucket "${bucketName}" was granted to the provided IAM role.`, ); } catch (caught) { if ( caught instanceof S3ServiceException && caught.name === "MalformedPolicy" ) { console.error( `Error from S3 while setting the bucket policy for the bucket "${bucketName}". The policy was malformed.`, ); } else if (caught instanceof S3ServiceException) { console.error( `Error from S3 while setting the bucket policy for the bucket "${bucketName}". ${caught.name}: ${caught.message}`, ); } else { throw caught; } } };-
如需詳細資訊,請參閱《AWS SDK for JavaScript 開發人員指南》。
-
如需API詳細資訊,請參閱 參考 PutBucketPolicy中的 。 AWS SDK for JavaScript API
-
- Python
-
- SDK for Python (Boto3)
-
注意
還有更多 。 GitHub尋找完整範例,並了解如何在 AWS 程式碼範例儲存庫
中設定和執行。 class BucketWrapper: """Encapsulates S3 bucket actions.""" def __init__(self, bucket): """ :param bucket: A Boto3 Bucket resource. This is a high-level resource in Boto3 that wraps bucket actions in a class-like structure. """ self.bucket = bucket self.name = bucket.name def put_policy(self, policy): """ Apply a security policy to the bucket. Policies control users' ability to perform specific actions, such as listing the objects in the bucket. :param policy: The policy to apply to the bucket. """ try: self.bucket.Policy().put(Policy=json.dumps(policy)) logger.info("Put policy %s for bucket '%s'.", policy, self.bucket.name) except ClientError: logger.exception("Couldn't apply policy to bucket '%s'.", self.bucket.name) raise-
如需API詳細資訊,請參閱 PutBucketPolicy 中的 AWS SDK for Python (Boto3) API參考 。
-
- Ruby
-
- SDK 適用於 Ruby
-
注意
還有更多 。 GitHub尋找完整範例,並了解如何在 AWS 程式碼範例儲存庫
中設定和執行。 # Wraps an Amazon S3 bucket policy. class BucketPolicyWrapper attr_reader :bucket_policy # @param bucket_policy [Aws::S3::BucketPolicy] A bucket policy object configured with an existing bucket. def initialize(bucket_policy) @bucket_policy = bucket_policy end # Sets a policy on a bucket. # def policy(policy) @bucket_policy.put(policy: policy) true rescue Aws::Errors::ServiceError => e puts "Couldn't set the policy for #{@bucket_policy.bucket.name}. Here's why: #{e.message}" false end end-
如需API詳細資訊,請參閱 參考 PutBucketPolicy中的 。 AWS SDK for Ruby API
-
PutBucketNotificationConfiguration
PutBucketReplication