Bucket policies are resource-based authorization policies. You can use bucket policies to grant other users the permission to access specific resources in Object Storage Service (OSS).

Configure bucket policies

The following code shows how to configure a bucket policy:

# -*- coding: utf-8 -*-

import oss2

# Security risks may arise if you use the AccessKey pair of an Alibaba Cloud account
# to access OSS because the account has permissions on all API operations.
# We recommend that you use a RAM user to call API operations or perform routine O&M.
# To create a RAM user, log on to the RAM console.
auth = oss2.Auth('yourAccessKeyId', 'yourAccessKeySecret')
# In this example, the endpoint of the China (Hangzhou) region is used. Specify your actual endpoint.
# The endpoint uses HTTPS so that the signed request and the policy are encrypted in transit.
# Specify yourBucketName as the name of the bucket.
bucket = oss2.Bucket(auth, 'https://oss-cn-hangzhou.aliyuncs.com', 'yourBucketName')

# Configure the value of policy_text, which is the content of the bucket policy. 
policy_text = '{"Statement": [{"Effect": "Allow", "Action": ["oss:GetObject", "oss:ListObjects"], "Resource": ["acs:oss:*:*:*/user1/*"]}], "Version": "1"}'

# Configure the bucket policy. 
bucket.put_bucket_policy(policy_text)
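A pre-flight review of the policy text before it is passed to put_bucket_policy, as an added example that is not part of the original page or of the OSS SDK. It assumes resources follow the layout acs:oss:<region>:<account>:<bucket>/<object>; the function names, finding labels and the BROAD_POLICY sample are constructed for illustration.

```python
import json

# Constructed inputs: the policy string from the example above, and a
# deliberately over-broad policy for contrast.
PAGE_POLICY = ('{"Statement": [{"Effect": "Allow", "Action": ["oss:GetObject", '
               '"oss:ListObjects"], "Resource": ["acs:oss:*:*:*/user1/*"]}], '
               '"Version": "1"}')
BROAD_POLICY = json.dumps({"Version": "1", "Statement": [{
    "Effect": "Allow", "Principal": ["*"], "Action": ["oss:*"],
    "Resource": ["acs:oss:*:*:yourBucketName/*"]}]})

def _as_list(value):
    """Policy fields may be a single string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_policy(policy_text):
    """Return sorted (statement_index, finding) pairs for Allow statements.

    Assumes resources look like acs:oss:<region>:<account>:<bucket>/<object>.
    Malformed JSON raises json.JSONDecodeError (a ValueError).
    """
    findings = set()
    policy = json.loads(policy_text)
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if any(a in ("*", "oss:*") for a in _as_list(stmt.get("Action"))):
            findings.add((idx, "wildcard-action"))
        if "*" in _as_list(stmt.get("Principal")) and not stmt.get("Condition"):
            findings.add((idx, "any-principal-without-condition"))
        for res in _as_list(stmt.get("Resource")):
            target = res.split(":", 4)[-1]           # "<bucket>/<object>"
            bucket_name, _, obj = target.partition("/")
            if bucket_name == "*":
                findings.add((idx, "wildcard-bucket"))
            if obj == "*":
                findings.add((idx, "whole-bucket-resource"))
    return sorted(findings)

def safe_to_apply(policy_text):
    """Gate for a put_bucket_policy call: True only when nothing is flagged."""
    return not audit_policy(policy_text)

if __name__ == "__main__":
    for name, text in (("page", PAGE_POLICY), ("broad", BROAD_POLICY)):
        print(name, audit_policy(text))
```

The policy string from the example above is reported with wildcard-bucket because the bucket segment of its Resource is `*`; naming the bucket explicitly clears the finding.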

Query the bucket policies configured for a bucket

The following code shows how to query the policies configured for a bucket:

# -*- coding: utf-8 -*-

import oss2
import json

# Security risks may arise if you use the AccessKey pair of an Alibaba Cloud account
# to access OSS because the account has permissions on all API operations.
# We recommend that you use a RAM user to call API operations or perform routine O&M.
# To create a RAM user, log on to the RAM console.
auth = oss2.Auth('yourAccessKeyId', 'yourAccessKeySecret')
# In this example, the endpoint of the China (Hangzhou) region is used. Specify your actual endpoint.
# The endpoint uses HTTPS so that the signed request and the policy are encrypted in transit.
# Specify yourBucketName as the name of the bucket.
bucket = oss2.Bucket(auth, 'https://oss-cn-hangzhou.aliyuncs.com', 'yourBucketName')

# Query the bucket policies configured for the bucket. 
result = bucket.get_bucket_policy()
policy_json = json.loads(result.policy) 
print("Get policy text: ", policy_json)

Delete the bucket policies configured for a bucket

The following code shows how to delete the policies configured for a bucket:

# -*- coding: utf-8 -*-

import oss2

# Security risks may arise if you use the AccessKey pair of an Alibaba Cloud account
# to access OSS because the account has permissions on all API operations.
# We recommend that you use a RAM user to call API operations or perform routine O&M.
# To create a RAM user, log on to the RAM console.
auth = oss2.Auth('yourAccessKeyId', 'yourAccessKeySecret')
# In this example, the endpoint of the China (Hangzhou) region is used. Specify your actual endpoint.
# The endpoint uses HTTPS so that the signed request is encrypted in transit.
# Specify yourBucketName as the name of the bucket.
bucket = oss2.Bucket(auth, 'https://oss-cn-hangzhou.aliyuncs.com', 'yourBucketName')

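# Delete the bucket policies configured for the bucket.
result = bucket.delete_bucket_policy()
# Confirm a 2xx response explicitly; a bare assert is skipped when Python runs with -O.
if int(result.status) // 100 != 2:
    raise RuntimeError('DeleteBucketPolicy returned HTTP status %s' % result.status)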

References

  • For more information about the complete sample code for bucket policies, visit GitHub.
  • For more information about the API operation that you can call to configure bucket policies for a bucket, see PutBucketPolicy.
  • For more information about the API operation that you can call to query the bucket policies configured for a bucket, see GetBucketPolicy.
  • For more information about the API operation that you can call to delete bucket policies configured for a bucket, see DeleteBucketPolicy.