A bucket policy is an authorization policy for Object Storage Service (OSS) buckets. You can use a bucket policy to grant or restrict access to specific OSS resources for authenticated users, such as Alibaba Cloud accounts, Resource Access Management (RAM) users, and RAM roles, or for anonymous users. For example, you can grant a RAM user from another Alibaba Cloud account read-only permission to access specified OSS resources.
Precautions
Before you configure a bucket policy, make sure that you understand how this feature works. For more information, see Bucket policy.
To set a bucket policy, you must have the oss:PutBucketPolicy permission. To retrieve a bucket policy, you must have the oss:GetBucketPolicy permission. To delete a bucket policy, you must have the oss:DeleteBucketPolicy permission. For more information about how to grant permissions, see Grant custom access policies to a RAM user.
Set a bucket policy
Below is the sample code for setting a bucket policy:
const OSS = require('ali-oss');

const client = new OSS({
  // Set region to the region where the bucket is located. For example, if the bucket is in the China (Hangzhou) region, set region to oss-cn-hangzhou.
  region: 'yourregion',
  // Obtain access credentials from environment variables. Before you run this sample code, make sure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are set.
  accessKeyId: process.env.OSS_ACCESS_KEY_ID,
  accessKeySecret: process.env.OSS_ACCESS_KEY_SECRET,
  authorizationV4: true,
  // Specify the bucket name. For example, examplebucket.
  bucket: 'examplebucket'
});

// In this example, the resource owner (the bucket owner with UID 174649585760xxxx) uses a bucket policy to grant a RAM user (with UID 20214760404935xxxx) the permissions to list and get objects in the examplebucket bucket.
const policy = {
  Version: '1',
  Statement: [
    {
      Action: ['oss:ListObjects', 'oss:GetObject'],
      Effect: 'Allow',
      Principal: ['20214760404935xxxx'],
      Resource: ['acs:oss:*:174649585760xxxx:examplebucket']
    }
  ]
};

async function putPolicy() {
  const result = await client.putBucketPolicy('examplebucket', policy);
  console.log(result);
}

putPolicy();

Get a bucket policy
Below is the sample code for getting a bucket policy:
const OSS = require('ali-oss');

const client = new OSS({
  // Set region to the region where the bucket is located. For example, if the bucket is in the China (Hangzhou) region, set region to oss-cn-hangzhou.
  region: 'yourregion',
  // Obtain access credentials from environment variables. Before you run this sample code, make sure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are set.
  accessKeyId: process.env.OSS_ACCESS_KEY_ID,
  accessKeySecret: process.env.OSS_ACCESS_KEY_SECRET,
  authorizationV4: true,
  // Specify the bucket name.
  bucket: 'yourbucketname'
});

// Get the bucket policy configuration.
async function getPolicy() {
  const result = await client.getBucketPolicy('yourbucketname');
  console.log(result.policy);
}

getPolicy();

Delete a bucket policy
Below is the sample code for deleting a bucket policy:
const OSS = require('ali-oss');

const client = new OSS({
  // Set region to the region where the bucket is located. For example, if the bucket is in the China (Hangzhou) region, set region to oss-cn-hangzhou.
  region: 'yourregion',
  // Obtain access credentials from environment variables. Before you run this sample code, make sure that the OSS_ACCESS_KEY_ID and OSS_ACCESS_KEY_SECRET environment variables are set.
  accessKeyId: process.env.OSS_ACCESS_KEY_ID,
  accessKeySecret: process.env.OSS_ACCESS_KEY_SECRET,
  authorizationV4: true,
  // Specify the bucket name.
  bucket: 'yourbucketname'
});

// Delete the bucket policy.
async function deletePolicy() {
  const result = await client.deleteBucketPolicy('yourbucketname');
  console.log(result);
}

deletePolicy();

References
For the complete sample code for bucket policies, see GitHub.
For information about the API operation to set a bucket policy, see PutBucketPolicy.
For information about the API operation to retrieve a bucket policy, see GetBucketPolicy.
For information about the API operation to delete a bucket policy, see DeleteBucketPolicy.
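The Set a bucket policy section above hands the policy object straight to putBucketPolicy. As an added example that is not part of the ali-oss SDK or of this page's samples, the following lint checks a policy of the same shape (Version, Statement, Action, Effect, Principal, Resource) for grants that break least privilege before it is uploaded; the finding messages, the thresholds and the second sample policy are this example's own constructions.

```javascript
// Added example, not from the ali-oss documentation: a pre-flight lint for an
// OSS bucket policy object of the shape shown on this page. Call it on the
// policy before client.putBucketPolicy() and refuse to upload on findings.
function lintBucketPolicy(policy) {
  const findings = [];
  if (policy.Version !== '1') findings.push('Version must be "1"');
  const statements = Array.isArray(policy.Statement) ? policy.Statement : [];
  statements.forEach((stmt, i) => {
    if (stmt.Effect !== 'Allow') return; // Deny statements only narrow access
    const where = `Statement[${i}]`;
    const actions = [].concat(stmt.Action || []);
    const principals = [].concat(stmt.Principal || []);
    const resources = [].concat(stmt.Resource || []);
    // Principal "*" means anonymous access: anyone on the Internet.
    const anonymous = principals.includes('*');
    if (anonymous) findings.push(`${where}: Principal "*" grants anonymous access`);
    // "oss:*" covers every operation, including rewriting the policy itself.
    if (actions.some(a => a === 'oss:*' || a === '*')) {
      findings.push(`${where}: wildcard Action grants every OSS operation`);
    }
    // Anonymous write or delete is the classic public-bucket misconfiguration.
    const mutating = actions.filter(a => /^oss:(Put|Delete|Abort)/i.test(a));
    if (anonymous && mutating.length > 0) {
      findings.push(`${where}: anonymous principal is granted ${mutating.join(', ')}`);
    }
    // Resource is acs:oss:<region>:<owner>:<bucket>[/<object>]; require a bucket.
    resources.forEach(r => {
      const bucket = (r.split(':')[4] || '*').split('/')[0];
      if (bucket === '*') findings.push(`${where}: Resource "${r}" is not scoped to a bucket`);
    });
  });
  return findings;
}

// Constructed sample policies: the least-privilege grant from this page, and an
// over-permissive variant (public read/write on every bucket) the lint rejects.
const readOnlyPolicy = {
  Version: '1',
  Statement: [{ Action: ['oss:ListObjects', 'oss:GetObject'], Effect: 'Allow',
    Principal: ['20214760404935xxxx'], Resource: ['acs:oss:*:174649585760xxxx:examplebucket'] }]
};
const publicWritePolicy = {
  Version: '1',
  Statement: [{ Action: ['oss:GetObject', 'oss:PutObject'], Effect: 'Allow',
    Principal: ['*'], Resource: ['acs:oss:*:174649585760xxxx:*'] }]
};

console.log(lintBucketPolicy(readOnlyPolicy));    // []
console.log(lintBucketPolicy(publicWritePolicy)); // 3 findings
```

A Deny statement is skipped on purpose: it can only remove access, so the lint reports only Allow grants that widen it.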