All Products
Search

This Product

    Object Storage Service:Block public access for buckets (Go SDK V2)

    Document Center

    Object Storage Service:Block public access for buckets (Go SDK V2)

    Last Updated:Aug 02, 2025

    This topic describes how to manage Block Public Access configurations for buckets using the Object Storage Service (OSS) SDK for Go V2.

    Notes

    • The sample code in this topic uses the China (Hangzhou) region (cn-hangzhou) as an example. By default, a public endpoint is used to access resources in a bucket. If you want to use other Alibaba Cloud services in the same region to access resources in the bucket, use an internal endpoint. For more information about the regions and endpoints that Object Storage Service (OSS) supports, see OSS regions and endpoints.

    • The sample code in this topic retrieves access credentials from environment variables. For more information about how to configure access credentials, see Configure access credentials.

    Sample code

    Enable block public access for a bucket

    You can use the following code to enable Block Public Access for a bucket.

    package main

import (
	"context" 
	"flag"    
	"log"     

	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss"           // The SDK package for Alibaba Cloud OSS.
	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/credentials" // The package for processing authentication information.
)

var (
	region     string // Define a variable to store the region information obtained from the command line.
	bucketName string // Define a variable to store the bucket name obtained from the command line.
)

// The init function is executed before the main function to initialize the program.
func init() {
	// Set the command-line parameter to specify the region. The default value is an empty string.
	flag.StringVar(&region, "region", "", "The region in which the bucket is located.")
	// Set the command-line parameter to specify the bucket name. The default value is an empty string.
	flag.StringVar(&bucketName, "bucket", "", "The name of the bucket.")
}

func main() {
	flag.Parse() // Parse command-line parameters.

	// Check whether a bucket name is provided. If not, print the default parameters and exit the program.
	if len(bucketName) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, bucket name required") // Record the error and terminate the program.
	}

	// Check whether region information is provided. If not, print the default parameters and exit the program.
	if len(region) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, region required") // Record the error and terminate the program.
	}

	// Create a configuration object, use environment variables as the credential provider, and specify the region.
	cfg := oss.LoadDefaultConfig().
		WithCredentialsProvider(credentials.NewEnvironmentVariableCredentialsProvider()).
		WithRegion(region)

	client := oss.NewClient(cfg) // Use the configuration to create an OSS client instance.

	// Create a PutBucketPublicAccessBlockRequest object to set the Block Public Access configuration for a specific bucket.
	request := &oss.PutBucketPublicAccessBlockRequest{
		Bucket: oss.Ptr(bucketName), // Specify the name of the bucket to operate.
		PublicAccessBlockConfiguration: &oss.PublicAccessBlockConfiguration{
			oss.Ptr(true), // Enable the Block Public Access configuration.
		},
	}
	putResult, err := client.PutBucketPublicAccessBlock(context.TODO(), request) // Execute the request to set Block Public Access.
	if err != nil {
		log.Fatalf("failed to put bucket public access block %v", err) // If an error occurs, record the error message and terminate the program.
	}

	log.Printf("put bucket public access block result:%#v\n", putResult) // Print the result of setting Block Public Access.
}

    Query public access blocking configurations for a bucket

    You can use the following code to query the Block Public Access configuration for a bucket.

    package main

import (
	"context" 
	"flag"    
	"log"     

	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss"           // The SDK package for Alibaba Cloud OSS.
	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/credentials" // The package for processing authentication information.
)

var (
	region     string // Define a variable to store the region information obtained from the command line.
	bucketName string // Define a variable to store the bucket name obtained from the command line.
)

// The init function is executed before the main function to initialize the program.
func init() {
	// Set the command-line parameter to specify the region. The default value is an empty string.
	flag.StringVar(&region, "region", "", "The region in which the bucket is located.")
	// Set the command-line parameter to specify the bucket name. The default value is an empty string.
	flag.StringVar(&bucketName, "bucket", "", "The name of the bucket.")
}

func main() {
	flag.Parse() // Parse command-line parameters.

	// Check whether a bucket name is provided. If not, print the default parameters and exit the program.
	if len(bucketName) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, bucket name required") // Log the fatal error and terminate the program.
	}

	// Check whether region information is provided. If not, print the default parameters and exit the program.
	if len(region) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, region required") // Log the fatal error and terminate the program.
	}

	// Create a configuration object, use environment variables as the credential provider, and specify the region.
	cfg := oss.LoadDefaultConfig().
		WithCredentialsProvider(credentials.NewEnvironmentVariableCredentialsProvider()).
		WithRegion(region)

	client := oss.NewClient(cfg) // Use the configuration to create an OSS client instance.

	// Create a GetBucketPublicAccessBlockRequest object to obtain the Block Public Access settings for a specific bucket.
	request := &oss.GetBucketPublicAccessBlockRequest{
		Bucket: oss.Ptr(bucketName), // Specify the name of the bucket to query.
	}
	getResult, err := client.GetBucketPublicAccessBlock(context.TODO(), request) // Execute the request to obtain the Block Public Access status.
	if err != nil {
		log.Fatalf("failed to get bucket public access block %v", err) // If an error occurs, record the error message and terminate the program.
	}

	log.Printf("get bucket public access block result:%#v\n", getResult) // Print the obtained Block Public Access result.
}

    Delete public access blocking configurations for a bucket

    You can use the following code to delete the Block Public Access configuration for a specified bucket.

    package main

import (
	"context" 
	"flag"   
	"log"  

	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss"           // The SDK package for Alibaba Cloud OSS.
	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/credentials" // The package for processing authentication information.
)

var (
	region     string // Define a variable to store the region information obtained from the command line.
	bucketName string // Define a variable to store the bucket name obtained from the command line.
)

// The init function is executed before the main function to initialize the program.
func init() {
	// Set the command-line parameter to specify the region. The default value is an empty string.
	flag.StringVar(&region, "region", "", "The region in which the bucket is located.")
	// Set the command-line parameter to specify the bucket name. The default value is an empty string.
	flag.StringVar(&bucketName, "bucket", "", "The name of the bucket.")
}


func main() {
	flag.Parse() // Parse command-line parameters.

	// Check whether a bucket name is provided. If not, print the default parameters and exit the program.
	if len(bucketName) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, bucket name required") // Log the fatal error and terminate the program.
	}

	// Check whether region information is provided. If not, print the default parameters and exit the program.
	if len(region) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, region required") // Log the fatal error and terminate the program.
	}

	// Create a configuration object, use environment variables as the credential provider, and specify the region.
	cfg := oss.LoadDefaultConfig().
		WithCredentialsProvider(credentials.NewEnvironmentVariableCredentialsProvider()).
		WithRegion(region)

	client := oss.NewClient(cfg) // Use the configuration to create an OSS client instance.

	// Create a DeleteBucketPublicAccessBlockRequest object to delete the Block Public Access settings for a specific bucket.
	request := &oss.DeleteBucketPublicAccessBlockRequest{
		Bucket: oss.Ptr(bucketName), // Specify the name of the bucket to operate.
	}
	result, err := client.DeleteBucketPublicAccessBlock(context.TODO(), request) // Execute the request to delete the Block Public Access settings.
	if err != nil {
		log.Fatalf("failed to delete bucket public access block %v", err) // If an error occurs, record the error message and terminate the program.
	}

	log.Printf("delete bucket public access block result:%#v\n", result) // Print the result of deleting the Block Public Access settings.
}

    References

    • For the complete sample code about managing Block Public Access, see GitHub example.

    • For more information about the API operation used to enable Block Public Access for a bucket, see PutBucketPublicAccessBlock.

    • For more information about the API operation used to query the Block Public Access configuration of a bucket, see GetBucketPublicAccessBlock.

    • For more information about the API operation used to delete the Block Public Access configuration of a bucket, see DeleteBucketPublicAccessBlock.