CloudOps Orchestration Service: ACS-OSS-PutBucketPolicy

Last Updated: Dec 27, 2024

Template name

ACS-OSS-PutBucketPolicy

Template description

Configures a policy for a bucket.

Template type

Automated

Owner

Alibaba Cloud

Input parameters

| Parameter | Description | Type | Required | Default value | Limit |
| --- | --- | --- | --- | --- | --- |
| bucketName | The name of the Object Storage Service (OSS) bucket. | String | Yes | | |
| bucketPolicy | The policy for the bucket. | Json | Yes | | |
| regionId | The region ID. | String | No | {{ ACS::RegionId }} | |
| OOSAssumeRole | The RAM role that is assumed by CloudOps Orchestration Service (OOS). | String | No | "" | |

Output parameters

| Parameter | Description | Type |
| --- | --- | --- |
| policyInfo | | Json |

Permission policy that is required to execute the template

{
    "Version": "1",
    "Statement": [
        {
            "Action": [
                "oss:GetBucketPolicy",
                "oss:PutBucketPolicy"
            ],
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}

References

For more information, see ACS-OSS-PutBucketPolicy.yml on GitHub.

Template content

FormatVersion: OOS-2019-06-01
Description:
  en: Put the bucket policy
  name-en: ACS-OSS-PutBucketPolicy
  categories:
    - security
Parameters:
  regionId:
    Type: String
    Label:
      en: RegionId
    AssociationProperty: RegionId
    Default: '{{ ACS::RegionId }}'
  bucketName:
    Label:
      en: BucketName
    Type: String
  bucketPolicy:
    Label:
      en: BucketPolicy
    Description:
      en: (for example:{"Version":"1","Statement":[{"Action":["oss:PutObject","oss:GetObject"],"Effect":"Deny","Principal":["1234567890"],"Resource":["acs:oss:*:1234567890:*/*"]}]}).
    Type: Json
  OOSAssumeRole:
    Label:
      en: OOSAssumeRole
    Type: String
    Default: ''
RamRole: '{{ OOSAssumeRole }}'
Tasks:
  - Name: putBucketPolicy
    Action: 'ACS::ExecuteAPI'
    Description:
      en: Put the bucket policy
    Properties:
      Service: OSS
      API: PutBucketPolicy
      Method: PUT
      URI: '?policy'
      Headers:
        Content-MD5: ""
        Content-Type: application/json
      Parameters:
        BucketName: '{{ bucketName }}'
        RegionId: '{{ regionId }}'
      Body: '{{ bucketPolicy }}'
  - Name: waitBucketPolicy
    Action: 'ACS::WaitFor'
    Description:
      en: Wait for the authorization policy of the storage space to take effect
    Properties:
      Service: OSS
      API: GetBucketPolicy
      Method: GET
      URI: '?policy'
      Headers: {}
      Parameters:
        BucketName: '{{ bucketName }}'
        RegionId: '{{ regionId }}'
      DesiredValues:
        - '{{ bucketPolicy }}'
      PropertySelector: .
Outputs:
  policyInfo:
    Type: Json
    Value:
      bucketName: '{{ bucketName }}'
      bucketPolicy: '{{ bucketPolicy }}'
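
The template passes `bucketPolicy` to PutBucketPolicy unchanged as the request body, so any review of the policy has to happen before the template is executed. The pre-flight check below is an added example, not part of the template or of Alibaba Cloud's code; the function name, the finding labels, and the sample bucket name and account IDs are assumptions made for illustration.

```python
import json

def _as_list(value):
    """Policy fields may be a single string or a list of strings."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_bucket_policy(bucket_name, policy):
    """Return (statement index, finding) pairs for Allow statements that widen access."""
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        # Heuristic: any Condition counts as a restriction and still needs manual review.
        if "*" in _as_list(stmt.get("Principal")) and not stmt.get("Condition"):
            findings.append((i, "public-principal"))
        if any(a in ("*", "oss:*") for a in _as_list(stmt.get("Action"))):
            findings.append((i, "wildcard-action"))
        for res in _as_list(stmt.get("Resource")):
            # Resource layout: acs:oss:<region>:<owner-uid>:<bucket>[/<object>]
            target = res.split(":", 4)[-1].split("/", 1)[0]
            if target != bucket_name:
                findings.append((i, "resource-outside-bucket"))
                break
    return findings

# Constructed sample input (not from the page); bucket name and account IDs are placeholders.
SAMPLE_BUCKET = "example-bucket"
SAMPLE_POLICY = json.loads("""
{"Version": "1", "Statement": [
  {"Effect": "Allow", "Action": ["oss:GetObject"], "Principal": ["*"],
   "Resource": ["acs:oss:*:1234567890:example-bucket/*"]},
  {"Effect": "Allow", "Action": ["oss:*"], "Principal": ["1234567890"],
   "Resource": ["acs:oss:*:1234567890:*/*"]},
  {"Effect": "Allow", "Action": ["oss:GetObject"], "Principal": ["*"],
   "Resource": ["acs:oss:*:1234567890:example-bucket/public/*"],
   "Condition": {"IpAddress": {"acs:SourceIp": ["192.0.2.0/24"]}}},
  {"Effect": "Deny", "Action": ["oss:PutObject"], "Principal": ["*"],
   "Resource": ["acs:oss:*:1234567890:example-bucket/*"]}
]}
""")

if __name__ == "__main__":
    for index, issue in audit_bucket_policy(SAMPLE_BUCKET, SAMPLE_POLICY):
        print(f"Statement[{index}]: {issue}")
```

An empty result means none of these three checks fired; it does not mean the policy is safe to apply.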