選取您的 Cookie 偏好設定

我們使用提供自身網站和服務所需的基本 Cookie 和類似工具。我們使用效能 Cookie 收集匿名統計資料,以便了解客戶如何使用我們的網站並進行改進。基本 Cookie 無法停用,但可以按一下「自訂」或「拒絕」以拒絕效能 Cookie。

如果您同意,AWS 與經核准的第三方也會使用 Cookie 提供實用的網站功能、記住您的偏好設定,並顯示相關內容,包括相關廣告。若要接受或拒絕所有非必要 Cookie,請按一下「接受」或「拒絕」。若要進行更詳細的選擇,請按一下「自訂」。

使用 AWS SDK 管理 Amazon S3 儲存貯體的存取控制清單 (ACLs) - AWS SDK 程式碼範例

文件 AWS 開發套件範例 GitHub 儲存庫中有更多可用的 AWS SDK 範例

本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。

文件 AWS 開發套件範例 GitHub 儲存庫中有更多可用的 AWS SDK 範例

本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。

使用 AWS SDK 管理 Amazon S3 儲存貯體的存取控制清單 (ACLs)

下列程式碼範例示範如何管理 Amazon S3 儲存貯體的存取控制清單 (ACL)。

.NET
AWS SDK for .NET
注意

GitHub 上提供更多範例。尋找完整範例,並了解如何在 AWS 程式碼範例儲存庫中設定和執行。

using System; using System.Collections.Generic; using System.Threading.Tasks; using Amazon.S3; using Amazon.S3.Model; /// <summary> /// This example shows how to manage Amazon Simple Storage Service /// (Amazon S3) access control lists (ACLs) to control Amazon S3 bucket /// access. /// </summary> public class ManageACLs { public static async Task Main() { string bucketName = "amzn-s3-demo-bucket1"; string newBucketName = "amzn-s3-demo-bucket2"; string keyName = "sample-object.txt"; string emailAddress = "someone@example.com"; // If the AWS Region where your bucket is located is different from // the Region defined for the default user, pass the Amazon S3 bucket's // name to the client constructor. It should look like this: // RegionEndpoint bucketRegion = RegionEndpoint.USEast1; IAmazonS3 client = new AmazonS3Client(); await TestBucketObjectACLsAsync(client, bucketName, newBucketName, keyName, emailAddress); } /// <summary> /// Creates a new Amazon S3 bucket with a canned ACL, then retrieves the ACL /// information and then adds a new ACL to one of the objects in the /// Amazon S3 bucket. /// </summary> /// <param name="client">The initialized Amazon S3 client object used to call /// methods to create a bucket, get an ACL, and add a different ACL to /// one of the objects.</param> /// <param name="bucketName">A string representing the original Amazon S3 /// bucket name.</param> /// <param name="newBucketName">A string representing the name of the /// new bucket that will be created.</param> /// <param name="keyName">A string representing the key name of an Amazon S3 /// object for which we will change the ACL.</param> /// <param name="emailAddress">A string representing the email address /// belonging to the person to whom access to the Amazon S3 bucket will be /// granted.</param> public static async Task TestBucketObjectACLsAsync( IAmazonS3 client, string bucketName, string newBucketName, string keyName, string emailAddress) { try { // Create a new Amazon S3 bucket and specify canned ACL. var success = await CreateBucketWithCannedACLAsync(client, newBucketName); // Get the ACL on a bucket. await GetBucketACLAsync(client, bucketName); // Add (replace) the ACL on an object in a bucket. await AddACLToExistingObjectAsync(client, bucketName, keyName, emailAddress); } catch (AmazonS3Exception amazonS3Exception) { Console.WriteLine($"Exception: {amazonS3Exception.Message}"); } } /// <summary> /// Creates a new Amazon S3 bucket with a canned ACL attached. /// </summary> /// <param name="client">The initialized client object used to call /// PutBucketAsync.</param> /// <param name="newBucketName">A string representing the name of the /// new Amazon S3 bucket.</param> /// <returns>Returns a boolean value indicating success or failure.</returns> public static async Task<bool> CreateBucketWithCannedACLAsync(IAmazonS3 client, string newBucketName) { var request = new PutBucketRequest() { BucketName = newBucketName, BucketRegion = S3Region.EUWest1, // Add a canned ACL. CannedACL = S3CannedACL.LogDeliveryWrite, }; var response = await client.PutBucketAsync(request); return response.HttpStatusCode == System.Net.HttpStatusCode.OK; } /// <summary> /// Retrieves the ACL associated with the Amazon S3 bucket name in the /// bucketName parameter. /// </summary> /// <param name="client">The initialized client object used to call /// PutBucketAsync.</param> /// <param name="bucketName">The Amazon S3 bucket for which we want to get the /// ACL list.</param> /// <returns>Returns an S3AccessControlList returned from the call to /// GetACLAsync.</returns> public static async Task<S3AccessControlList> GetBucketACLAsync(IAmazonS3 client, string bucketName) { GetACLResponse response = await client.GetACLAsync(new GetACLRequest { BucketName = bucketName, }); return response.AccessControlList; } /// <summary> /// Adds a new ACL to an existing object in the Amazon S3 bucket. /// </summary> /// <param name="client">The initialized client object used to call /// PutBucketAsync.</param> /// <param name="bucketName">A string representing the name of the Amazon S3 /// bucket containing the object to which we want to apply a new ACL.</param> /// <param name="keyName">A string representing the name of the object /// to which we want to apply the new ACL.</param> /// <param name="emailAddress">The email address of the person to whom /// we will be applying to whom access will be granted.</param> public static async Task AddACLToExistingObjectAsync(IAmazonS3 client, string bucketName, string keyName, string emailAddress) { // Retrieve the ACL for an object. GetACLResponse aclResponse = await client.GetACLAsync(new GetACLRequest { BucketName = bucketName, Key = keyName, }); S3AccessControlList acl = aclResponse.AccessControlList; // Retrieve the owner. Owner owner = acl.Owner; // Clear existing grants. acl.Grants.Clear(); // Add a grant to reset the owner's full permission // (the previous clear statement removed all permissions). var fullControlGrant = new S3Grant { Grantee = new S3Grantee { CanonicalUser = acl.Owner.Id }, }; acl.AddGrant(fullControlGrant.Grantee, S3Permission.FULL_CONTROL); // Specify email to identify grantee for granting permissions. var grantUsingEmail = new S3Grant { Grantee = new S3Grantee { EmailAddress = emailAddress }, Permission = S3Permission.WRITE_ACP, }; // Specify log delivery group as grantee. var grantLogDeliveryGroup = new S3Grant { Grantee = new S3Grantee { URI = "http://acs.amazonaws.com/groups/s3/LogDelivery" }, Permission = S3Permission.WRITE, }; // Create a new ACL. var newAcl = new S3AccessControlList { Grants = new List<S3Grant> { grantUsingEmail, grantLogDeliveryGroup }, Owner = owner, }; // Set the new ACL. We're throwing away the response here. _ = await client.PutACLAsync(new PutACLRequest { BucketName = bucketName, Key = keyName, AccessControlList = newAcl, }); } }
AWS SDK for .NET
注意

GitHub 上提供更多範例。尋找完整範例,並了解如何在 AWS 程式碼範例儲存庫中設定和執行。

using System; using System.Collections.Generic; using System.Threading.Tasks; using Amazon.S3; using Amazon.S3.Model; /// <summary> /// This example shows how to manage Amazon Simple Storage Service /// (Amazon S3) access control lists (ACLs) to control Amazon S3 bucket /// access. /// </summary> public class ManageACLs { public static async Task Main() { string bucketName = "amzn-s3-demo-bucket1"; string newBucketName = "amzn-s3-demo-bucket2"; string keyName = "sample-object.txt"; string emailAddress = "someone@example.com"; // If the AWS Region where your bucket is located is different from // the Region defined for the default user, pass the Amazon S3 bucket's // name to the client constructor. It should look like this: // RegionEndpoint bucketRegion = RegionEndpoint.USEast1; IAmazonS3 client = new AmazonS3Client(); await TestBucketObjectACLsAsync(client, bucketName, newBucketName, keyName, emailAddress); } /// <summary> /// Creates a new Amazon S3 bucket with a canned ACL, then retrieves the ACL /// information and then adds a new ACL to one of the objects in the /// Amazon S3 bucket. /// </summary> /// <param name="client">The initialized Amazon S3 client object used to call /// methods to create a bucket, get an ACL, and add a different ACL to /// one of the objects.</param> /// <param name="bucketName">A string representing the original Amazon S3 /// bucket name.</param> /// <param name="newBucketName">A string representing the name of the /// new bucket that will be created.</param> /// <param name="keyName">A string representing the key name of an Amazon S3 /// object for which we will change the ACL.</param> /// <param name="emailAddress">A string representing the email address /// belonging to the person to whom access to the Amazon S3 bucket will be /// granted.</param> public static async Task TestBucketObjectACLsAsync( IAmazonS3 client, string bucketName, string newBucketName, string keyName, string emailAddress) { try { // Create a new Amazon S3 bucket and specify canned ACL. var success = await CreateBucketWithCannedACLAsync(client, newBucketName); // Get the ACL on a bucket. await GetBucketACLAsync(client, bucketName); // Add (replace) the ACL on an object in a bucket. await AddACLToExistingObjectAsync(client, bucketName, keyName, emailAddress); } catch (AmazonS3Exception amazonS3Exception) { Console.WriteLine($"Exception: {amazonS3Exception.Message}"); } } /// <summary> /// Creates a new Amazon S3 bucket with a canned ACL attached. /// </summary> /// <param name="client">The initialized client object used to call /// PutBucketAsync.</param> /// <param name="newBucketName">A string representing the name of the /// new Amazon S3 bucket.</param> /// <returns>Returns a boolean value indicating success or failure.</returns> public static async Task<bool> CreateBucketWithCannedACLAsync(IAmazonS3 client, string newBucketName) { var request = new PutBucketRequest() { BucketName = newBucketName, BucketRegion = S3Region.EUWest1, // Add a canned ACL. CannedACL = S3CannedACL.LogDeliveryWrite, }; var response = await client.PutBucketAsync(request); return response.HttpStatusCode == System.Net.HttpStatusCode.OK; } /// <summary> /// Retrieves the ACL associated with the Amazon S3 bucket name in the /// bucketName parameter. /// </summary> /// <param name="client">The initialized client object used to call /// PutBucketAsync.</param> /// <param name="bucketName">The Amazon S3 bucket for which we want to get the /// ACL list.</param> /// <returns>Returns an S3AccessControlList returned from the call to /// GetACLAsync.</returns> public static async Task<S3AccessControlList> GetBucketACLAsync(IAmazonS3 client, string bucketName) { GetACLResponse response = await client.GetACLAsync(new GetACLRequest { BucketName = bucketName, }); return response.AccessControlList; } /// <summary> /// Adds a new ACL to an existing object in the Amazon S3 bucket. /// </summary> /// <param name="client">The initialized client object used to call /// PutBucketAsync.</param> /// <param name="bucketName">A string representing the name of the Amazon S3 /// bucket containing the object to which we want to apply a new ACL.</param> /// <param name="keyName">A string representing the name of the object /// to which we want to apply the new ACL.</param> /// <param name="emailAddress">The email address of the person to whom /// we will be applying to whom access will be granted.</param> public static async Task AddACLToExistingObjectAsync(IAmazonS3 client, string bucketName, string keyName, string emailAddress) { // Retrieve the ACL for an object. GetACLResponse aclResponse = await client.GetACLAsync(new GetACLRequest { BucketName = bucketName, Key = keyName, }); S3AccessControlList acl = aclResponse.AccessControlList; // Retrieve the owner. Owner owner = acl.Owner; // Clear existing grants. acl.Grants.Clear(); // Add a grant to reset the owner's full permission // (the previous clear statement removed all permissions). var fullControlGrant = new S3Grant { Grantee = new S3Grantee { CanonicalUser = acl.Owner.Id }, }; acl.AddGrant(fullControlGrant.Grantee, S3Permission.FULL_CONTROL); // Specify email to identify grantee for granting permissions. var grantUsingEmail = new S3Grant { Grantee = new S3Grantee { EmailAddress = emailAddress }, Permission = S3Permission.WRITE_ACP, }; // Specify log delivery group as grantee. var grantLogDeliveryGroup = new S3Grant { Grantee = new S3Grantee { URI = "http://acs.amazonaws.com/groups/s3/LogDelivery" }, Permission = S3Permission.WRITE, }; // Create a new ACL. var newAcl = new S3AccessControlList { Grants = new List<S3Grant> { grantUsingEmail, grantLogDeliveryGroup }, Owner = owner, }; // Set the new ACL. We're throwing away the response here. _ = await client.PutACLAsync(new PutACLRequest { BucketName = bucketName, Key = keyName, AccessControlList = newAcl, }); } }
隱私權網站條款Cookie 偏好設定
© 2025, Amazon Web Services, Inc.或其附屬公司。保留所有權利。