Bucket policies are resource-based authorization policies. You can use bucket policies to grant other users the permissions to access specific resources in Object Storage Service (OSS).

Configure a bucket policy

The following sample code shows how to configure a policy for a bucket:

# -*- coding: utf-8 -*-

import oss2

# The AccessKey pair of an Alibaba Cloud account has permissions on all API operations.
# Using these credentials to perform operations in OSS is a high-risk operation.
# We recommend that you use a RAM user to call API operations or perform routine O&M.
# To create a RAM user, log on to the RAM console.
auth = oss2.Auth('yourAccessKeyId', 'yourAccessKeySecret')
# In this example, the endpoint of the China (Hangzhou) region is used. Specify your actual endpoint.
# The endpoint uses HTTPS so that requests and responses are encrypted in transit.
# Set yourBucketName to the name of your bucket.
bucket = oss2.Bucket(auth, 'https://oss-cn-hangzhou.aliyuncs.com', 'yourBucketName')

# Specify the policy_text.
# Replace the account ID 174649585760xxxx and the bucket name examplebucket in Resource with your own values.
policy_text = '{"Statement": [{"Effect": "Allow", "Action": ["oss:GetObject", "oss:ListObjects"], "Resource": ["acs:oss:*:174649585760xxxx:examplebucket/*"]}], "Version": "1"}'

# Configure the bucket policy.
bucket.put_bucket_policy(policy_text)
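The following pre-flight check is an added example, not part of the OSS SDK or of the original sample code. It audits a policy document before it is passed to put_bucket_policy, or after it is read back with get_bucket_policy. The names audit_bucket_policy, PAGE_POLICY and BROAD_POLICY are hypothetical, and the check assumes the Resource format shown in the sample above and that "*" in Principal matches every caller.

```python
import json

def _as_list(value):
    # Policy fields may hold a single string or a list of strings.
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_bucket_policy(policy_text, bucket_name):
    """Return findings for a bucket policy; an empty list means nothing was flagged."""
    try:
        policy = json.loads(policy_text)
    except ValueError as exc:
        return ["policy is not valid JSON: %s" % exc]
    if not isinstance(policy, dict):
        return ["policy is not a JSON object"]
    statements = _as_list(policy.get("Statement"))
    if not statements:
        return ["policy has no Statement entries"]
    findings = []
    for idx, stmt in enumerate(statements):
        tag = "Statement[%d]" % idx
        # Resource format used in the sample: acs:oss:<region>:<account>:<bucket>/<key>
        for res in _as_list(stmt.get("Resource")):
            parts = res.split(":", 4)
            target = parts[4].split("/", 1)[0] if len(parts) == 5 else ""
            if target != bucket_name:
                findings.append("%s: Resource %r does not name bucket %r" % (tag, res, bucket_name))
        if stmt.get("Effect") != "Allow":
            continue  # only Allow statements can widen access
        broad = [a for a in _as_list(stmt.get("Action")) if a in ("*", "oss:*")]
        if broad:
            findings.append("%s: Allow uses wildcard action %s" % (tag, broad))
        # Assumption: "*" in Principal matches every caller, including anonymous ones.
        if "*" in _as_list(stmt.get("Principal")) and not stmt.get("Condition"):
            findings.append("%s: Allow to Principal '*' with no Condition" % tag)
    return findings

# The policy text from the sample above, unchanged.
PAGE_POLICY = '{"Statement": [{"Effect": "Allow", "Action": ["oss:GetObject", "oss:ListObjects"], "Resource": ["acs:oss:*:174649585760xxxx:examplebucket/*"]}], "Version": "1"}'
# Constructed sample of an over-broad policy, for comparison.
BROAD_POLICY = json.dumps({"Version": "1", "Statement": [{
    "Effect": "Allow", "Principal": ["*"], "Action": ["oss:*"],
    "Resource": ["acs:oss:*:*:examplebucket/*"]}]})

if __name__ == "__main__":
    for name, text in (("page", PAGE_POLICY), ("broad", BROAD_POLICY)):
        print(name, audit_bucket_policy(text, "examplebucket"))
```

Run against the sample policy with the bucket name yourBucketName, the check reports that the Resource still names examplebucket.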

Query bucket policies

The following sample code shows how to query the policies configured for a bucket:

# -*- coding: utf-8 -*-

import oss2
import json

# The AccessKey pair of an Alibaba Cloud account has permissions on all API operations.
# Using these credentials to perform operations in OSS is a high-risk operation.
# We recommend that you use a RAM user to call API operations or perform routine O&M.
# To create a RAM user, log on to the RAM console.
auth = oss2.Auth('yourAccessKeyId', 'yourAccessKeySecret')
# In this example, the endpoint of the China (Hangzhou) region is used. Specify your actual endpoint.
# The endpoint uses HTTPS so that requests and responses are encrypted in transit.
# Set yourBucketName to the name of your bucket.
bucket = oss2.Bucket(auth, 'https://oss-cn-hangzhou.aliyuncs.com', 'yourBucketName')

# Query the policies that are configured for the bucket.
result = bucket.get_bucket_policy()
# result.policy is the policy document as JSON text; parse it before inspecting it.
policy_json = json.loads(result.policy)
print("Get policy text: ", policy_json)

Delete bucket policies

The following sample code shows how to delete the policies configured for a bucket:

# -*- coding: utf-8 -*-

import oss2

# The AccessKey pair of an Alibaba Cloud account has permissions on all API operations.
# Using these credentials to perform operations in OSS is a high-risk operation.
# We recommend that you use a RAM user to call API operations or perform routine O&M.
# To create a RAM user, log on to the RAM console.
auth = oss2.Auth('yourAccessKeyId', 'yourAccessKeySecret')
# In this example, the endpoint of the China (Hangzhou) region is used. Specify your actual endpoint.
# The endpoint uses HTTPS so that requests and responses are encrypted in transit.
# Set yourBucketName to the name of your bucket.
bucket = oss2.Bucket(auth, 'https://oss-cn-hangzhou.aliyuncs.com', 'yourBucketName')

# Delete the policies that are configured for the bucket.
result = bucket.delete_bucket_policy()
# A 2xx HTTP status code indicates that the policies were deleted.
assert int(result.status) // 100 == 2

References

  • For more information about the complete sample code for bucket policies, visit GitHub.
  • For more information about the API operation that you can call to configure a bucket policy for a bucket, see PutBucketPolicy.
  • For more information about the API operation that you can call to query the bucket policies, see GetBucketPolicy.
  • For more information about the API operation that you can call to delete bucket policies, see DeleteBucketPolicy.