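- The following example defines a Referer policy
Configure the access policy of the bucket (named example-bucket): allow a specific sub-user (test1, whose root user ID is 32fefj64y54gc) to access the resources in this bucket, and require that each request carry a specific Referer header ("https://www.ctyun.cn/" or "https://ctyun.cn/").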
{
  "Version": "2012-10-17",
  "Id": "*",
  "Statement": [
    {
      "Sid": "*",
      "Effect": "Allow",
      "Principal": { "CTYUN": "arn:ctyun:iam::32fefj64y54gc:user/test1" },
      "Action": "oos:*",
      "Resource": "arn:ctyun:oos:::example-bucket/*",
      "Condition": {
        "StringLike": {
          "ctyun:Referer": [
            "https://www.ctyun.cn/*",
            "https://ctyun.cn/*"
          ]
        }
      }
    }
  ]
}
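- The following example defines an IP policy
Configure the access policy of the bucket (named example-bucket): allow a specific sub-user (test2, whose root user ID is 32fefj64y54gc) to access the bucket from within a specific network range (192.168.143.0/24, excluding 192.168.143.188).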
{
  "Version": "2012-10-17",
  "Id": "PolicyId1",
  "Statement": [
    {
      "Sid": "IPAllow",
      "Effect": "Allow",
      "Principal": {
        "CTYUN": "arn:ctyun:iam::32fefj64y54gc:user/test2"
      },
      "Action": "oos:GetObject",
      "Resource": "arn:ctyun:oos:::example-bucket/*",
      "Condition": {
        "IpAddress": {
          "ctyun:SourceIp": "192.168.143.0/24"
        },
        "NotIpAddress": {
          "ctyun:SourceIp": "192.168.143.188/32"
        }
      }
    }
  ]
}
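- The following example grants public read permission to anonymous users
Configure the access policy of the bucket (named example-bucket): allow anyone to read file data.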
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AddPerm",
      "Effect": "Allow",
      "Principal": { "CTYUN": ["*"] },
      "Action": ["oos:GetObject"],
      "Resource": ["arn:ctyun:oos:::example-bucket/*"]
    }
  ]
}
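To check what the Condition blocks of the Referer and IP policies above actually admit, the following added example (not code from the original page or from the OOS service) evaluates them against constructed request contexts. It assumes AWS-style semantics: all operators in a Condition must hold, any one value in a list may match, and a missing key fails closed; the function names and sample requests are hypothetical.

```python
import ipaddress
import re

# Condition blocks copied from the Referer and IP policies above.
REFERER_COND = {"StringLike": {"ctyun:Referer": [
    "https://www.ctyun.cn/*", "https://ctyun.cn/*"]}}
IP_COND = {
    "IpAddress": {"ctyun:SourceIp": "192.168.143.0/24"},
    "NotIpAddress": {"ctyun:SourceIp": "192.168.143.188/32"},
}

def string_like(value, patterns):
    # '*' matches any run of characters, '?' exactly one; all else is literal.
    for pattern in patterns:
        regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
        if re.fullmatch(regex, value, re.DOTALL):
            return True
    return False

def in_any_cidr(value, cidrs):
    addr = ipaddress.ip_address(value)
    return any(addr in ipaddress.ip_network(cidr) for cidr in cidrs)

OPERATORS = {
    "StringLike": string_like,
    "IpAddress": in_any_cidr,
    "NotIpAddress": lambda value, cidrs: not in_any_cidr(value, cidrs),
}

def condition_matches(condition, context):
    """Assumed semantics: operators are ANDed, values in a list are ORed."""
    for operator, keys in condition.items():
        for key, expected in keys.items():
            value = context.get(key)
            if value is None:
                return False  # assumption: a missing key fails closed
            values = expected if isinstance(expected, list) else [expected]
            if not OPERATORS[operator](value, values):
                return False
    return True

if __name__ == "__main__":
    # Constructed request contexts (not taken from the page).
    for referer in ("https://ctyun.cn/console", "https://ctyun.cn.example.org/"):
        print(referer, condition_matches(REFERER_COND, {"ctyun:Referer": referer}))
    for ip in ("192.168.143.10", "192.168.143.188", "192.168.144.1"):
        print(ip, condition_matches(IP_COND, {"ctyun:SourceIp": ip}))
```

The slash before `*` in each Referer pattern is what keeps a host name that merely begins with `ctyun.cn` from matching. Referer is a client-supplied header, so that condition limits where links are embedded rather than who the caller is.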