("");
*request_body << policyBody;
Aws::S3::Model::PutBucketPolicyRequest request;
request.SetBucket(bucketName);
request.SetBody(request_body);
Aws::S3::Model::PutBucketPolicyOutcome outcome =
s3Client.PutBucketPolicy(request);
if (!outcome.IsSuccess()) {
std::cerr << "Error: putBucketPolicy: "
<< outcome.GetError().GetMessage() << std::endl;
} else {
std::cout << "Set the following policy body for the bucket '" <<
bucketName << "':" << std::endl << std::endl;
std::cout << policyBody << std::endl;
}
return outcome.IsSuccess();
}
//! Build a policy JSON string.
/*!
\param userArn: Aws user Amazon Resource Name (ARN).
For more information, see https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns.
\param bucketName: Name of a bucket.
\return String: Policy as JSON string.
*/
Aws::String getPolicyString(const Aws::String &userArn,
const Aws::String &bucketName) {
return
"{\n"
" \"Version\":\"2012-10-17\",\n"
" \"Statement\":[\n"
" {\n"
" \"Sid\": \"1\",\n"
" \"Effect\": \"Allow\",\n"
" \"Principal\": {\n"
" \"AWS\": \""
+ userArn +
"\"\n"" },\n"
" \"Action\": [ \"s3:getObject\" ],\n"
" \"Resource\": [ \"arn:aws:s3:::"
+ bucketName +
"/*\" ]\n"
" }\n"
" ]\n"
"}";
}
```
+ Einzelheiten zur API finden Sie [PutBucketPolicy](https://docs.aws.amazon.com/goto/SdkForCpp/s3-2006-03-01/PutBucketPolicy)in der *AWS SDK für C\$1\$1 API-Referenz*.
------
#### [ CLI ]
**AWS CLI**
In diesem Beispiel können alle Benutzer jedes Objekt im *amzn-s3-demo-bucket* abrufen, mit Ausnahme der Objekte im. *MySecretFolder* Es gewährt dem Root-Benutzer des `put` Kontos auch `delete` die folgenden Berechtigungen: AWS `1234-5678-9012`
```
aws s3api put-bucket-policy --bucket amzn-s3-demo-bucket --policy file://policy.json
policy.json:
{
"Statement": [
{
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::amzn-s3-demo-bucket/*"
},
{
"Effect": "Deny",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::amzn-s3-demo-bucket/MySecretFolder/*"
},
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::123456789012:root"
},
"Action": [
"s3:DeleteObject",
"s3:PutObject"
],
"Resource": "arn:aws:s3:::amzn-s3-demo-bucket/*"
}
]
}
```
+ Einzelheiten zur API finden Sie [PutBucketPolicy](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/s3api/put-bucket-policy.html)in der *AWS CLI Befehlsreferenz*.
------
#### [ Java ]
**SDK für Java 2.x**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/s3#code-examples) einrichten und ausführen.
```
import software.amazon.awssdk.services.s3.S3Client;
import software.amazon.awssdk.services.s3.model.PutBucketPolicyRequest;
import software.amazon.awssdk.services.s3.model.S3Exception;
import software.amazon.awssdk.regions.Region;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.List;
import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.databind.ObjectMapper;
/**
* Before running this Java V2 code example, set up your development
* environment, including your credentials.
*
* For more information, see the following documentation topic:
*
* https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html
*/
public class SetBucketPolicy {
public static void main(String[] args) {
final String usage = """
Usage:
Where:
bucketName - The Amazon S3 bucket to set the policy on.
polFile - A JSON file containing the policy (see the Amazon S3 Readme for an example).\s
""";
if (args.length != 2) {
System.out.println(usage);
System.exit(1);
}
String bucketName = args[0];
String polFile = args[1];
String policyText = getBucketPolicyFromFile(polFile);
Region region = Region.US_EAST_1;
S3Client s3 = S3Client.builder()
.region(region)
.build();
setPolicy(s3, bucketName, policyText);
s3.close();
}
/**
* Sets the policy for an Amazon S3 bucket.
*
* @param s3 the {@link S3Client} object used to interact with the Amazon S3 service
* @param bucketName the name of the Amazon S3 bucket
* @param policyText the text of the policy to be set on the bucket
* @throws S3Exception if there is an error setting the bucket policy
*/
public static void setPolicy(S3Client s3, String bucketName, String policyText) {
System.out.println("Setting policy:");
System.out.println("----");
System.out.println(policyText);
System.out.println("----");
System.out.format("On Amazon S3 bucket: \"%s\"\n", bucketName);
try {
PutBucketPolicyRequest policyReq = PutBucketPolicyRequest.builder()
.bucket(bucketName)
.policy(policyText)
.build();
s3.putBucketPolicy(policyReq);
} catch (S3Exception e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
System.out.println("Done!");
}
/**
* Retrieves the bucket policy from a specified file.
*
* @param policyFile the path to the file containing the bucket policy
* @return the content of the bucket policy file as a string
*/
public static String getBucketPolicyFromFile(String policyFile) {
StringBuilder fileText = new StringBuilder();
try {
List lines = Files.readAllLines(Paths.get(policyFile), StandardCharsets.UTF_8);
for (String line : lines) {
fileText.append(line);
}
} catch (IOException e) {
System.out.format("Problem reading file: \"%s\"", policyFile);
System.out.println(e.getMessage());
}
try {
final JsonParser parser = new ObjectMapper().getFactory().createParser(fileText.toString());
while (parser.nextToken() != null) {
}
} catch (IOException jpe) {
jpe.printStackTrace();
}
return fileText.toString();
}
}
```
+ Einzelheiten zur API finden Sie [PutBucketPolicy](https://docs.aws.amazon.com/goto/SdkForJavaV2/s3-2006-03-01/PutBucketPolicy)in der *AWS SDK for Java 2.x API-Referenz*.
------
#### [ JavaScript ]
**SDK für JavaScript (v3)**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javascriptv3/example_code/s3#code-examples) einrichten und ausführen.
Fügen Sie die Richtlinie hinzu.
```
import {
PutBucketPolicyCommand,
S3Client,
S3ServiceException,
} from "@aws-sdk/client-s3";
/**
* Grant an IAM role GetObject access to all of the objects
* in the provided bucket.
* @param {{ bucketName: string, iamRoleArn: string }}
*/
export const main = async ({ bucketName, iamRoleArn }) => {
const client = new S3Client({});
const command = new PutBucketPolicyCommand({
// This is a resource-based policy. For more information on resource-based policies,
// see https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_resource-based.
Policy: JSON.stringify({
Version: "2012-10-17",
Statement: [
{
Effect: "Allow",
Principal: {
AWS: iamRoleArn,
},
Action: "s3:GetObject",
Resource: `arn:aws:s3:::${bucketName}/*`,
},
],
}),
// Apply the preceding policy to this bucket.
Bucket: bucketName,
});
try {
await client.send(command);
console.log(
`GetObject access to the bucket "${bucketName}" was granted to the provided IAM role.`,
);
} catch (caught) {
if (
caught instanceof S3ServiceException &&
caught.name === "MalformedPolicy"
) {
console.error(
`Error from S3 while setting the bucket policy for the bucket "${bucketName}". The policy was malformed.`,
);
} else if (caught instanceof S3ServiceException) {
console.error(
`Error from S3 while setting the bucket policy for the bucket "${bucketName}". ${caught.name}: ${caught.message}`,
);
} else {
throw caught;
}
}
};
```
+ Weitere Informationen finden Sie im [AWS SDK für JavaScript -Entwicklerhandbuch](https://docs.aws.amazon.com/sdk-for-javascript/v3/developer-guide/s3-example-bucket-policies.html#s3-example-bucket-policies-set-policy).
+ Einzelheiten zur API finden Sie [PutBucketPolicy](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/s3/command/PutBucketPolicyCommand)in der *AWS SDK für JavaScript API-Referenz*.
------
#### [ Python ]
**SDK für Python (Boto3)**
Es gibt noch mehr dazu GitHub. Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/python/example_code/s3/s3_basics#code-examples) einrichten und ausführen.
```
class BucketWrapper:
"""Encapsulates S3 bucket actions."""
def __init__(self, bucket):
"""
:param bucket: A Boto3 Bucket resource. This is a high-level resource in Boto3
that wraps bucket actions in a class-like structure.
"""
self.bucket = bucket
self.name = bucket.name
def put_policy(self, policy):
"""
Apply a security policy to the bucket. Policies control users' ability
to perform specific actions, such as listing the objects in the bucket.
:param policy: The policy to apply to the bucket.
"""
try:
self.bucket.Policy().put(Policy=json.dumps(policy))
logger.info("Put policy %s for bucket '%s'.", policy, self.bucket.name)
except ClientError:
logger.exception("Couldn't apply policy to bucket '%s'.", self.bucket.name)
raise
```
+ Einzelheiten zur API finden Sie [PutBucketPolicy](https://docs.aws.amazon.com/goto/boto3/s3-2006-03-01/PutBucketPolicy)in *AWS SDK for Python (Boto3) API* Reference.
------
#### [ Ruby ]
**SDK für Ruby**
Es gibt noch mehr dazu. GitHub Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/ruby/example_code/s3#code-examples) einrichten und ausführen.
```
# Wraps an Amazon S3 bucket policy.
class BucketPolicyWrapper
attr_reader :bucket_policy
# @param bucket_policy [Aws::S3::BucketPolicy] A bucket policy object configured with an existing bucket.
def initialize(bucket_policy)
@bucket_policy = bucket_policy
end
# Sets a policy on a bucket.
#
def policy(policy)
@bucket_policy.put(policy: policy)
true
rescue Aws::Errors::ServiceError => e
puts "Couldn't set the policy for #{@bucket_policy.bucket.name}. Here's why: #{e.message}"
false
end
end
```
+ Einzelheiten zur API finden Sie [PutBucketPolicy](https://docs.aws.amazon.com/goto/SdkForRubyV3/s3-2006-03-01/PutBucketPolicy)in der *AWS SDK für Ruby API-Referenz*.
------
#### [ SAP ABAP ]
**SDK für SAP ABAP**
Es gibt noch mehr dazu. GitHub Hier finden Sie das vollständige Beispiel und erfahren, wie Sie das [AWS -Code-Beispiel-](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/sap-abap/services/s3#code-examples) einrichten und ausführen.
```
TRY.
" Example policy JSON string
" iv_policy = '{"Version":"2012-10-17", "Statement":[{"Effect":"Allow","Principal":{"AWS":"arn:aws:iam::123456789012:user/user"},"Action":["s3:GetObject"],"Resource":["arn:aws:s3:::bucketname/*"]}]}'
lo_s3->putbucketpolicy(
iv_bucket = iv_bucket_name
iv_policy = iv_policy ).
MESSAGE 'Bucket policy set.' TYPE 'I'.
CATCH /aws1/cx_s3_nosuchbucket.
MESSAGE 'Bucket does not exist.' TYPE 'E'.
ENDTRY.
```
+ Einzelheiten zur API finden Sie [PutBucketPolicy](https://docs.aws.amazon.com/sdk-for-sap-abap/v1/api/latest/index.html)in der *API-Referenz zum AWS SDK für SAP ABAP*.
------