Use the OSS Go SDK V1 to set and get the access control list (ACL) of a bucket.
Prerequisites
Before you begin, ensure that you have:
The
oss:PutBucketAclpermission to set a bucket ACLThe
oss:GetBucketAclpermission to get a bucket ACLThe
OSS_ACCESS_KEY_IDandOSS_ACCESS_KEY_SECRETenvironment variables set with valid credentials
For permission setup, see Attach a custom policy to a RAM user. For credential configuration, see Configure access credentials.
Bucket ACL types
OSS supports three bucket ACL types:
| ACL | Who can read | Who can write | Go SDK constant |
|---|---|---|---|
| Private | Bucket owner and authorized users only | Bucket owner and authorized users only | oss.ACLPrivate |
| Public-read | All users | Bucket owner and authorized users only | oss.ACLPublicRead |
| Public-read-write | All users | All users | oss.ACLPublicReadWrite |
Grant Public-read or Public-read-write only when broad access is required. Public-read-write allows any user to write to your bucket.
Set and get a bucket ACL
The following example sets a bucket ACL to Public-read, then retrieves and logs the current ACL.
The example uses the China (Hangzhou) region endpoint. For other regions, replace the endpoint and region values. If you access OSS from other Alibaba Cloud services in the same region as OSS, use an internal endpoint instead. For endpoint details, see Regions and endpoints.
For alternative client configurations—such as a custom domain or Security Token Service (STS) credentials—see Configure a client (Go SDK V1).
package main
import (
"log"
"github.com/aliyun/aliyun-oss-go-sdk/oss"
)
func main() {
// Load credentials from environment variables.
// Set OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET before running this example.
provider, err := oss.NewEnvironmentVariableCredentialsProvider()
if err != nil {
log.Fatalf("Failed to create credentials provider: %v", err)
}
// Create an OSSClient instance.
// Replace yourEndpoint with the endpoint for your bucket's region,
// for example, https://oss-cn-hangzhou.aliyuncs.com for China (Hangzhou).
// Replace yourRegion with the region ID, for example, cn-hangzhou.
clientOptions := []oss.ClientOption{oss.SetCredentialsProvider(&provider)}
clientOptions = append(clientOptions, oss.Region("yourRegion"))
clientOptions = append(clientOptions, oss.AuthVersion(oss.AuthV4))
client, err := oss.New("yourEndpoint", "", "", clientOptions...)
if err != nil {
log.Fatalf("Failed to create OSS client: %v", err)
}
// Replace yourBucketName with the name of your bucket.
bucketName := "yourBucketName"
// Set the bucket ACL to Public-read.
err = client.SetBucketACL(bucketName, oss.ACLPublicRead)
if err != nil {
log.Fatalf("Failed to set bucket ACL for '%s': %v", bucketName, err)
}
// Get and log the current bucket ACL.
aclRes, err := client.GetBucketACL(bucketName)
if err != nil {
log.Fatalf("Failed to get bucket ACL for '%s': %v", bucketName, err)
}
log.Printf("Bucket ACL for '%s': %s", bucketName, aclRes.ACL)
}References
GitHub sample: bucket ACL — complete sample code