All Documents

Current Document

Recommend

Container Engine Virtual Private Cloud Standard Storage Service

Content is empty

If you don't find the content you expect, please try another search term

Standard Storage Service (KS3)

View more results

Document title with current keyword not found

Directory

Expand AllFold All Up

Networking
Security

Video Services
Data Analysis
- MapReduce (KMR)
- Kingsoft Cloud Log Service
Account Management
- Identity and Access Management
- Account Management

No products found with this keyword

Documentation

Standard Storage Service (KS3)

Access Control Management

Examples of bucket policies

Restrict access requests that have a specific request header

Restrict access requests that have a specific request header

Last updated：2021-08-20 12:02:02



The following policy allows any users to perform any KS3 operations on objects in the specified bucket. However, the request must contain the x-kss-cdn header with its value set to kingsoftcdn.

{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ks3:*"
      ],
      "Principal": {
        "KSC": [
          "*"
        ]
      },
      "Resource": [
        "krn:ksc:ks3:::example_bucket",
        "krn:ksc:ks3:::example_bucket/*"
      ],
      "Condition": {
        "StringEquals": {
          "ksc:RequestHeader": [
            "x-kss-cdn:kingsoftcdn"
          ]
        }
      }
    }
  ]
}

The following policy allows any users to perform any KS3 operations on objects in the specified bucket. However, the request must contain the x-kss-cdn header with its value not limited.

{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ks3:*"
      ],
      "Principal": {
        "KSC": [
          "*"
        ]
      },
      "Resource": [
        "krn:ksc:ks3:::example_bucket",
        "krn:ksc:ks3:::example_bucket/*"
      ],
      "Condition": {
        "StringLike": {
          "ksc:RequestHeader": [
            "x-kss-cdn:*"
          ]
        }
      }
    }
  ]
}

The following policy allows any users to perform any KS3 operations on objects in the specified bucket. However, the request cannot contain the x-kss-cdn header.

{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ks3:*"
      ],
      "Principal": {
        "KSC": [
          "*"
        ]
      },
      "Resource": [
        "krn:ksc:ks3:::example_bucket",
        "krn:ksc:ks3:::example_bucket/*"
      ],
      "Condition": {
        "StringNotLike": {
          "ksc:RequestHeader": [
            "x-kss-cdn:*"
          ]
        }
      }
    }
  ]
}

On this page

Previous:Examples of bucket policies

Next:Restrict access to a specific IP address

Pure ModeNormal Mode

Pure Mode

Click to preview the document content in full screen

Feedback