Last updated：2021-03-30 17:02:03
The AK/SK management module of KS3 was under Object Storage > Account Settings before April 27, 2017. From April 27, 2017, it is in the unified identity and access control management system of Kingsoft Cloud. If you have old KS3 keys, move the pointer over the account name at the upper-right corner of the page and select Accesskeys from the drop-down menu. Then, click the Object storage key tab to view the keys. For more information, see Activate KS3 service.
KS3 AKs/SKs are restricted to KS3. You cannot use them to access other Kingsoft Cloud products. From April 24, 2017, you can use your KS3 keys created before April 24, 2017 but you can only disable or delete them. You cannot re-enable them after disabling them. You cannot create KS3 keys either. It is recommended that you enter the AK management page and click New Key to create AKs or SKs. You can use the created keys to access all Kingsoft Cloud services, including KS3.
The following types of ACLs are available for bucket access control:
The following types of ACLs are available for object access control:
For more information, see API document.
Having the read permission on a bucket does not mean having the read permission on objects in the bucket. The read permission on a bucket allows you to perform List operations on the objects in the bucket. For anonymous users to access an object, you must also set the permissions of the object to Public.
KS3 provides public-read-write, public-read, and private ACLs for bucket access control and public-read and private ACLs for object access control.
Yes. You can use one of the following methods to modify the ACL configuration for a bucket or object:
In KS3, directory (or folder) is a virtual concept. The directory or folder of a file is actually the prefix of the key value of the object. Access permission configuration modifications for a directory or folder on the console affects all objects whose key value prefixes contain the directory. If a large number of files exist in the directory, the delete queue might include many pending items. As a best practice, use an API to traverse the file list and call the interface to modify the access permission configurations.
Yes. You can configure a bucket policy to achieve the goal. You can use the policy to precisely specify the resources that a user can access and the operations that the user can perform on the resources. This feature requires that you are the owner of the bucket.
Use one of the following methods:
Yes. KS3 supports the door chain feature, that is, the domain access blacklist or whitelist. You can add the names of the banned source domains to the blacklist. To reject access from certain IP addresses, you use the conditions in the bucket policy to specify the source IP addresses. For more information, see the Detailed explanation of Condition section in Bucket Policy.
Did you find the above information helpful?
Please give us your feedback.
Thank you for your feedback.