Policy
Permission Policy of a Bucket
Returns the policy of a specified bucket.
Permissions
You must be the contract owner or an administrator to perform this operation. If not, they can grant you permission to perform the s3:GetBucketPolicy operation using Bucket Policy. Note: The bucket owner can always perform this operation, even if the policy explicitly denies access to it.
S3 API Compatibility
The
x-amz-expected-bucket-ownerheader isn't supported.
The bucket name.
my-bucketGET /{Bucket} HTTP/1.1
Host: s3.eu-central-3.ionoscloud.com
Authorization: YOUR_API_KEY
Accept: */*
{
"Id": "Delegate certain actions to another user",
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Delegate certain actions to another user",
"Action": [
"s3:ListBucket",
"s3:PutObject",
"s3:GetObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::my-bucket",
"arn:aws:s3:::my-bucket/*"
],
"Condition": {
"IpAddress": {
"aws:SourceIp": [
"123.123.123.123/32",
"199.199.199.199/32"
]
}
},
"Principal": {
"AWS": "arn:aws:iam:::user/31000000:9acd8251-2857-410e-b1fd-ca86462bdcec"
}
}
]
}Applies a bucket policy to a bucket.
Permissions
You must be the contract owner or an administrator to perform this operation. If not, they can grant you permission to perform the s3:PutBucketPolicy operation using Bucket Policy. Note: The bucket owner can always perform this operation, even if the policy explicitly denies access to it.
S3 API Compatibility
The
x-amz-expected-bucket-ownerheader isn't supported.The
x-amz-confirm-remove-self-bucket-accessheader isn't supported.
The bucket name.
my-bucketThe base64 encoded MD5 digest of the message (without the headers) according to RFC 1864.
Specifies an optional identifier for the policy.
My policyPolicy version
PUT /{Bucket} HTTP/1.1
Host: s3.eu-central-3.ionoscloud.com
Authorization: YOUR_API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 429
{
"Id": "Delegate certain actions to another user",
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Delegate certain actions to another user",
"Action": [
"s3:ListBucket",
"s3:PutObject",
"s3:GetObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::my-bucket",
"arn:aws:s3:::my-bucket/*"
],
"Condition": {
"IpAddress": {
"aws:SourceIp": [
"123.123.123.123/32"
]
}
},
"Principal": {
"AWS": "arn:aws:iam:::user/31000000:9acd8251-2857-410e-b1fd-ca86462bdcec"
}
}
]
}No content
Deletes the policy of a specified bucket.
Permissions
You must be the contract owner or an administrator to perform this operation. If not, they can grant you permission to perform the s3:DeleteBucketPolicy operation using Bucket Policy. Note: The bucket owner can always perform this operation, even if the policy explicitly denies access to it.
S3 API Compatibility
The
x-amz-expected-bucket-ownerheader isn't supported.
The bucket name.
my-bucketDELETE /{Bucket} HTTP/1.1
Host: s3.eu-central-3.ionoscloud.com
Authorization: YOUR_API_KEY
Accept: */*
No content
Retrieves the policy status of a bucket, indicating whether the bucket is public.
IONOS Object Storage considers a bucket policy to be "public" if any statement in the policy is public. A statement is considered public if the Effect is Allow and the Principal has a wildcard -- unless there is an IpAddress:{aws:SourceIp} condition associated with the statement that restricts the requesting source IP to one or more specified IP addresses.
Permissions
You must be the contract owner or an administrator to perform this operation. If not, they can grant you permission to perform the s3:GetBucketPolicyStatus operation using Bucket Policy.
S3 API Compatibility
The
x-amz-expected-bucket-ownerheader isn't supported.
The bucket name.
my-bucketGET /{Bucket} HTTP/1.1
Host: s3.eu-central-3.ionoscloud.com
Authorization: YOUR_API_KEY
Accept: */*
<?xml version="1.0" encoding="UTF-8"?>
<PolicyStatus xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<IsPublic>true</IsPublic>
</PolicyStatus>
Was this helpful?