search
Log in

Policy

Permission Policy of a Bucket

hashtag
GetBucketPolicy

get
/{Bucket}?policy

Returns the policy of a specified bucket.

Permissions

You must be the contract owner or an administrator to perform this operation. If not, they can grant you permission to perform the s3:GetBucketPolicy operation using Bucket Policy. Note: The bucket owner can always perform this operation, even if the policy explicitly denies access to it.

S3 API Compatibility

  • The x-amz-expected-bucket-owner header isn't supported.

Authorizations
AuthorizationstringRequired

IONOS Object Storage API requests are authenticated using the AWS signature. The IONOS Object Storage API authenticates users using a customized HTTP scheme based on a keyed-HMAC (Hash Message Authentication Code). The process of generating the proper Authorization header is somewhat involved. We recommend that you make use of a tool such as Postman.

In the Authorization tab for a request, select AWS Signature from the Type dropdown list. Specify where Postman should append your authorization data using the Add authorization data to drop-down menu.

  • If you select Request Headers, Postman populates the Headers tab with Authorization and X-Amz- prefixed fields.

  • If you select Request URL, Postman populates the Params tab with authentication details prefixed with X-Amz-.

Note: The parameters listed below contain confidential information. We recommend using variables to keep this data secure while working in a collaborative environment.

  • For Access Key, enter your access key directly in the fields or through variables for added security.

  • For Secret Key, enter your secret key directly in the fields or through variables for added security.

Advanced fields are optional, but Postman will attempt to generate them automatically if necessary.

  • For AWS Region, enter one of the regions (eu-central-3) where your bucket is hosted.

  • For Service Name, enter s3. The name of the service that receives the requests.

  • For Session Token, leave the field blank. This is only required when temporary security credentials are used.

Path parameters
Bucketstring · min: 3 · max: 63Required

The bucket name.

Example: my-bucket
Query parameters
policyboolean · enumRequiredPossible values:
Responses
chevron-right
200

Successful operation

application/json
get
/{Bucket}?policy

hashtag
PutBucketPolicy

put
/{Bucket}?policy

Applies a bucket policy to a bucket.

Permissions

You must be the contract owner or an administrator to perform this operation. If not, they can grant you permission to perform the s3:PutBucketPolicy operation using Bucket Policy. Note: The bucket owner can always perform this operation, even if the policy explicitly denies access to it.

S3 API Compatibility

  • The x-amz-expected-bucket-owner header isn't supported.

  • The x-amz-confirm-remove-self-bucket-access header isn't supported.

Authorizations
AuthorizationstringRequired

IONOS Object Storage API requests are authenticated using the AWS signature. The IONOS Object Storage API authenticates users using a customized HTTP scheme based on a keyed-HMAC (Hash Message Authentication Code). The process of generating the proper Authorization header is somewhat involved. We recommend that you make use of a tool such as Postman.

In the Authorization tab for a request, select AWS Signature from the Type dropdown list. Specify where Postman should append your authorization data using the Add authorization data to drop-down menu.

  • If you select Request Headers, Postman populates the Headers tab with Authorization and X-Amz- prefixed fields.

  • If you select Request URL, Postman populates the Params tab with authentication details prefixed with X-Amz-.

Note: The parameters listed below contain confidential information. We recommend using variables to keep this data secure while working in a collaborative environment.

  • For Access Key, enter your access key directly in the fields or through variables for added security.

  • For Secret Key, enter your secret key directly in the fields or through variables for added security.

Advanced fields are optional, but Postman will attempt to generate them automatically if necessary.

  • For AWS Region, enter one of the regions (eu-central-3) where your bucket is hosted.

  • For Service Name, enter s3. The name of the service that receives the requests.

  • For Session Token, leave the field blank. This is only required when temporary security credentials are used.

Path parameters
Bucketstring · min: 3 · max: 63Required

The bucket name.

Example: my-bucket
Query parameters
policyboolean · enumRequiredPossible values:
Header parameters
Content-MD5stringOptional

The base64 encoded MD5 digest of the message (without the headers) according to RFC 1864.

Body
IdstringOptional

Specifies an optional identifier for the policy.

Example: My policy
Versionstring · enumOptional

Policy version

Possible values:
Responses
chevron-right
200

Successful operation

application/xml
put
/{Bucket}?policy
No content

hashtag
DeleteBucketPolicy

delete
/{Bucket}?policy

Deletes the policy of a specified bucket.

Permissions

You must be the contract owner or an administrator to perform this operation. If not, they can grant you permission to perform the s3:DeleteBucketPolicy operation using Bucket Policy. Note: The bucket owner can always perform this operation, even if the policy explicitly denies access to it.

S3 API Compatibility

  • The x-amz-expected-bucket-owner header isn't supported.

Authorizations
AuthorizationstringRequired

IONOS Object Storage API requests are authenticated using the AWS signature. The IONOS Object Storage API authenticates users using a customized HTTP scheme based on a keyed-HMAC (Hash Message Authentication Code). The process of generating the proper Authorization header is somewhat involved. We recommend that you make use of a tool such as Postman.

In the Authorization tab for a request, select AWS Signature from the Type dropdown list. Specify where Postman should append your authorization data using the Add authorization data to drop-down menu.

  • If you select Request Headers, Postman populates the Headers tab with Authorization and X-Amz- prefixed fields.

  • If you select Request URL, Postman populates the Params tab with authentication details prefixed with X-Amz-.

Note: The parameters listed below contain confidential information. We recommend using variables to keep this data secure while working in a collaborative environment.

  • For Access Key, enter your access key directly in the fields or through variables for added security.

  • For Secret Key, enter your secret key directly in the fields or through variables for added security.

Advanced fields are optional, but Postman will attempt to generate them automatically if necessary.

  • For AWS Region, enter one of the regions (eu-central-3) where your bucket is hosted.

  • For Service Name, enter s3. The name of the service that receives the requests.

  • For Session Token, leave the field blank. This is only required when temporary security credentials are used.

Path parameters
Bucketstring · min: 3 · max: 63Required

The bucket name.

Example: my-bucket
Query parameters
policyboolean · enumRequiredPossible values:
Responses
delete
/{Bucket}?policy
No content

hashtag
GetBucketPolicyStatus

get
/{Bucket}?policyStatus

Retrieves the policy status of a bucket, indicating whether the bucket is public.

IONOS Object Storage considers a bucket policy to be "public" if any statement in the policy is public. A statement is considered public if the Effect is Allow and the Principal has a wildcard -- unless there is an IpAddress:{aws:SourceIp} condition associated with the statement that restricts the requesting source IP to one or more specified IP addresses.

Permissions

You must be the contract owner or an administrator to perform this operation. If not, they can grant you permission to perform the s3:GetBucketPolicyStatus operation using Bucket Policy.

S3 API Compatibility

  • The x-amz-expected-bucket-owner header isn't supported.

Authorizations
AuthorizationstringRequired

IONOS Object Storage API requests are authenticated using the AWS signature. The IONOS Object Storage API authenticates users using a customized HTTP scheme based on a keyed-HMAC (Hash Message Authentication Code). The process of generating the proper Authorization header is somewhat involved. We recommend that you make use of a tool such as Postman.

In the Authorization tab for a request, select AWS Signature from the Type dropdown list. Specify where Postman should append your authorization data using the Add authorization data to drop-down menu.

  • If you select Request Headers, Postman populates the Headers tab with Authorization and X-Amz- prefixed fields.

  • If you select Request URL, Postman populates the Params tab with authentication details prefixed with X-Amz-.

Note: The parameters listed below contain confidential information. We recommend using variables to keep this data secure while working in a collaborative environment.

  • For Access Key, enter your access key directly in the fields or through variables for added security.

  • For Secret Key, enter your secret key directly in the fields or through variables for added security.

Advanced fields are optional, but Postman will attempt to generate them automatically if necessary.

  • For AWS Region, enter one of the regions (eu-central-3) where your bucket is hosted.

  • For Service Name, enter s3. The name of the service that receives the requests.

  • For Session Token, leave the field blank. This is only required when temporary security credentials are used.

Path parameters
Bucketstring · min: 3 · max: 63Required

The bucket name.

Example: my-bucket
Query parameters
policyStatusboolean · enumRequiredPossible values:
Responses
chevron-right
200

Successful operation

application/xml
get
/{Bucket}?policyStatus
PreviousObject LockNextPublicAccessBlock

Last updated

Was this helpful?