Standard Storage Service (KS3)

      Documentation Standard Storage Service (KS3) Access Control Management Examples of bucket policies Restrict access requests that have a specific request header

      Restrict access requests that have a specific request header

      Last updated:2021-08-20 12:02:02

      1. The following policy allows any users to perform any KS3 operations on objects in the specified bucket. However, the request must contain the x-kss-cdn header with its value set to kingsoftcdn.
      {
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ks3:*"
      ],
      "Principal": {
        "KSC": [
          "*"
        ]
      },
      "Resource": [
        "krn:ksc:ks3:::example_bucket",
        "krn:ksc:ks3:::example_bucket/*"
      ],
      "Condition": {
        "StringEquals": {
          "ksc:RequestHeader": [
            "x-kss-cdn:kingsoftcdn"
          ]
        }
      }
    }
  ]
}
      1. The following policy allows any users to perform any KS3 operations on objects in the specified bucket. However, the request must contain the x-kss-cdn header with its value not limited.
      {
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ks3:*"
      ],
      "Principal": {
        "KSC": [
          "*"
        ]
      },
      "Resource": [
        "krn:ksc:ks3:::example_bucket",
        "krn:ksc:ks3:::example_bucket/*"
      ],
      "Condition": {
        "StringLike": {
          "ksc:RequestHeader": [
            "x-kss-cdn:*"
          ]
        }
      }
    }
  ]
}
      1. The following policy allows any users to perform any KS3 operations on objects in the specified bucket. However, the request cannot contain the x-kss-cdn header.
      {
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ks3:*"
      ],
      "Principal": {
        "KSC": [
          "*"
        ]
      },
      "Resource": [
        "krn:ksc:ks3:::example_bucket",
        "krn:ksc:ks3:::example_bucket/*"
      ],
      "Condition": {
        "StringNotLike": {
          "ksc:RequestHeader": [
            "x-kss-cdn:*"
          ]
        }
      }
    }
  ]
}
      Previous:Bucket policy
      Next:Restrict access to a specific IP address

      Did you find the above information helpful?

      Unhelpful
      Mostly Unhelpful
      A little helpful
      Helpful
      Very helpful

      What might be the problems?

      Insufficient
      Outdated
      Unclear or awkward
      Redundant or clumsy
      Lack of context for the complex system or functionality

      More suggestions

      0/200

      Please give us your feedback.

      Submitted

      Thank you for your feedback.

      问题反馈