search
Log InSign UpSend Feedback

Examples

Following are a few examples of common use cases and their corresponding bucket policy configurations.

circle-info

Prerequisite: You can retrieve the Contract User ID and Canonical User ID from the Key Management section by following the steps in the Retrieve User ID.

hashtag
Grant full control of the bucket to other users

To grant full control over a contract-owned bucket or a user-owned bucket and its objects to other IONOS Object Storage users:

{
 "Version": "2012-10-17",
 "Statement": [
   {
     "Sid": "Grant Full Control",
     "Effect": "Allow",
     "Principal": {
                "AWS": [
                    "arn:aws:iam:::user/CONTRACT_USER_ID1",
                    "arn:aws:iam:::user/CONTRACT_USER_ID2"
                ]
            },
     "Action": "s3:*",
     "Resource": [
       "arn:aws:s3:::my-bucket",
       "arn:aws:s3:::my-bucket/*"
     ]
   }
 ]
}

hashtag
Grant read-only access to a specific prefix

To grant read-only access to objects within a specific prefix of a contract-owned bucket to other IONOS Object Storage users:

hashtag
Public read access

To allow read access to certain objects within a contract-owned bucket or a user-owned bucket while keeping other objects private:

hashtag
Restrict access to specific IP addresses

To restrict all users from performing any S3 operations within the designated bucket type, unless the request is initiated from the specified range of IP addresses:

For more information on bucket policy configurations, see Bucket Policy, supported bucket and object actions and condition valuesarrow-up-right, and Retrieve user ID.

PreviousBucket PolicyNextAccess Control List

Last updated

Was this helpful?