Managing Amazon S3 bucket access permissions with the AWS SDK for PHP Version 3
Access control lists (ACLs) are one of the resource-based access policy options you can use to manage access to your buckets and objects. You can use ACLs to grant basic read/write permissions to other AWS accounts. To learn more, see Managing Access with ACLs.
The following example shows how to:
-
Get the access control policy for a bucket using GetBucketAcl.
-
Set the permissions on a bucket using ACLs, using PutBucketAcl.
All the example code for the AWS SDK for PHP is available here on
GitHub
Credentials
Before running the example code, configure your AWS credentials, as described in Credentials. Then import the AWS SDK for PHP, as described in Basic usage.
Get and set an access control list policy
Imports
require 'vendor/autoload.php'; use Aws\S3\S3Client; use Aws\Exception\AwsException;
Sample Code
// Create a S3Client $s3Client = new S3Client([ 'profile' => 'default', 'region' => 'us-west-2', 'version' => '2006-03-01' ]); // Gets the access control policy for a bucket $bucket = 'amzn-s3-demo-bucket'; try { $resp = $s3Client->getBucketAcl([ 'Bucket' => $bucket ]); echo "Succeed in retrieving bucket ACL as follows: \n"; var_dump($resp); } catch (AwsException $e) { // output error message if fails echo $e->getMessage(); echo "\n"; } // Sets the permissions on a bucket using access control lists (ACL). $params = [ 'ACL' => 'public-read', 'AccessControlPolicy' => [ // Information can be retrieved from `getBucketAcl` response 'Grants' => [ [ 'Grantee' => [ 'DisplayName' => '<string>', 'EmailAddress' => '<string>', 'ID' => '<string>', 'Type' => 'CanonicalUser', 'URI' => '<string>', ], 'Permission' => 'FULL_CONTROL', ], // ... ], 'Owner' => [ 'DisplayName' => '<string>', 'ID' => '<string>', ], ], 'Bucket' => $bucket, ]; try { $resp = $s3Client->putBucketAcl($params); echo "Succeed in setting bucket ACL.\n"; } catch (AwsException $e) { // Display error message echo $e->getMessage(); echo "\n"; }