All Products
Search
Document Center

Object Storage Service:Block public access at the access point level (Go SDK V2)

Last Updated:Mar 20, 2026

Use OSS SDK for Go V2 to enable, query, and delete the Block Public Access configuration on an access point.

Prerequisites

Before you begin, ensure that you have:

  • An OSS bucket with at least one access point

  • The OSS SDK for Go V2 installed (github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss)

  • Access credentials configured as environment variables

For information about setting up credentials, see Configure access credentials.

Usage notes

  • The sample code in this topic uses the China (Hangzhou) region (cn-hangzhou) with a public endpoint. To access OSS from another Alibaba Cloud service in the same region, use an internal endpoint instead. For supported regions and endpoints, see OSS regions and endpoints.

  • Credentials are read from environment variables in all examples. Avoid hardcoding credentials in source code.

Enable Block Public Access for an access point

Submit a PutAccessPointPublicAccessBlock request with PublicAccessBlockConfiguration set to true.

package main

import (
	"context"
	"flag"
	"log"

	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss"
	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/credentials"
)

var (
	region     string
	bucketName string
)

func init() {
	flag.StringVar(&region, "region", "", "The region in which the bucket is located.")
	flag.StringVar(&bucketName, "bucket", "", "The name of the bucket.")
}

func main() {
	flag.Parse()

	var accessPointName = "access point name"

	if len(bucketName) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, bucket name required")
	}

	if len(region) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, region required")
	}

	cfg := oss.LoadDefaultConfig().
		WithCredentialsProvider(credentials.NewEnvironmentVariableCredentialsProvider()).
		WithRegion(region)

	client := oss.NewClient(cfg)

	request := &oss.PutAccessPointPublicAccessBlockRequest{
		Bucket:          oss.Ptr(bucketName),
		AccessPointName: oss.Ptr(accessPointName),
		PublicAccessBlockConfiguration: &oss.PublicAccessBlockConfiguration{
			oss.Ptr(true), // Enable Block Public Access.
		},
	}
	putResult, err := client.PutAccessPointPublicAccessBlock(context.TODO(), request)
	if err != nil {
		log.Fatalf("failed to put access point public access block %v", err)
	}

	log.Printf("put access point public access block result:%#v\n", putResult)
}

Query the Block Public Access configuration for an access point

Submit a GetAccessPointPublicAccessBlock request to retrieve the current Block Public Access configuration for an access point. Use this to verify that a previous enable or delete operation took effect.

package main

import (
	"context"
	"flag"
	"log"

	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss"
	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/credentials"
)

var (
	region     string
	bucketName string
)

func init() {
	flag.StringVar(&region, "region", "", "The region in which the bucket is located.")
	flag.StringVar(&bucketName, "bucket", "", "The name of the bucket.")
}

func main() {
	flag.Parse()

	var accessPointName = "access point name"

	if len(bucketName) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, bucket name required")
	}

	if len(region) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, region required")
	}

	cfg := oss.LoadDefaultConfig().
		WithCredentialsProvider(credentials.NewEnvironmentVariableCredentialsProvider()).
		WithRegion(region)

	client := oss.NewClient(cfg)

	request := &oss.GetAccessPointPublicAccessBlockRequest{
		Bucket:          oss.Ptr(bucketName),
		AccessPointName: oss.Ptr(accessPointName),
	}
	getResult, err := client.GetAccessPointPublicAccessBlock(context.TODO(), request)
	if err != nil {
		log.Fatalf("failed to get access point public access block %v", err)
	}

	log.Printf("get access point public access block result:%#v\n", getResult)
}

Delete the Block Public Access configuration for an access point

Submit a DeleteAccessPointPublicAccessBlock request to remove the Block Public Access configuration from an access point.

package main

import (
	"context"
	"flag"
	"log"

	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss"
	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/credentials"
)

var (
	region     string
	bucketName string
)

func init() {
	flag.StringVar(&region, "region", "", "The region in which the bucket is located.")
	flag.StringVar(&bucketName, "bucket", "", "The name of the bucket.")
}

func main() {
	flag.Parse()

	var accessPointName = "access point name"

	if len(bucketName) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, bucket name required")
	}

	if len(region) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, region required")
	}

	cfg := oss.LoadDefaultConfig().
		WithCredentialsProvider(credentials.NewEnvironmentVariableCredentialsProvider()).
		WithRegion(region)

	client := oss.NewClient(cfg)

	request := &oss.DeleteAccessPointPublicAccessBlockRequest{
		Bucket:          oss.Ptr(bucketName),
		AccessPointName: oss.Ptr(accessPointName),
	}
	deleteResult, err := client.DeleteAccessPointPublicAccessBlock(context.TODO(), request)
	if err != nil {
		log.Fatalf("failed to delete access point public access block %v", err)
	}

	log.Printf("delete access point public access block result:%#v\n", deleteResult)
}

What's next