Following are a few examples of common use cases and their corresponding bucket policy configurations.
Prerequisite: You can retrieve the Contract User ID and Canonical User ID from the Key Management section by following the steps in the Retrieve User ID.
Grant full control of the bucket to other users
To grant full control over a contract-owned bucket or a user-owned bucket and its objects to other IONOS S3 Object Storage users:
To restrict all users from performing any S3 operations within the designated bucket type, unless the request is initiated from the specified range of IP addresses:
{"Version":"2012-10-17","Id":"Restrict access to specific IP addresses","Statement": [ {"Sid":"Restrict access to specific IP addresses","Effect":"Deny","Principal":"*","Action":"s3:*","Resource": ["arn:aws:s3:::my-bucket","arn:aws:s3:::my-bucket/*" ],"NotIpAddress":{"aws:SourceIp":"123.123.123.0/24" } } ]}