Restrict access requests that have a specific request header

Last updated:2021-08-20 12:02:02

  1. The following policy allows any users to perform any KS3 operations on objects in the specified bucket. However, the request must contain the x-kss-cdn header with its value set to kingsoftcdn.
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ks3:*"
      ],
      "Principal": {
        "KSC": [
          "*"
        ]
      },
      "Resource": [
        "krn:ksc:ks3:::example_bucket",
        "krn:ksc:ks3:::example_bucket/*"
      ],
      "Condition": {
        "StringEquals": {
          "ksc:RequestHeader": [
            "x-kss-cdn:kingsoftcdn"
          ]
        }
      }
    }
  ]
}
  1. The following policy allows any users to perform any KS3 operations on objects in the specified bucket. However, the request must contain the x-kss-cdn header with its value not limited.
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ks3:*"
      ],
      "Principal": {
        "KSC": [
          "*"
        ]
      },
      "Resource": [
        "krn:ksc:ks3:::example_bucket",
        "krn:ksc:ks3:::example_bucket/*"
      ],
      "Condition": {
        "StringLike": {
          "ksc:RequestHeader": [
            "x-kss-cdn:*"
          ]
        }
      }
    }
  ]
}
  1. The following policy allows any users to perform any KS3 operations on objects in the specified bucket. However, the request cannot contain the x-kss-cdn header.
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ks3:*"
      ],
      "Principal": {
        "KSC": [
          "*"
        ]
      },
      "Resource": [
        "krn:ksc:ks3:::example_bucket",
        "krn:ksc:ks3:::example_bucket/*"
      ],
      "Condition": {
        "StringNotLike": {
          "ksc:RequestHeader": [
            "x-kss-cdn:*"
          ]
        }
      }
    }
  ]
}

Did you find the above information helpful?

Unhelpful
Mostly Unhelpful
A little helpful
Helpful
Very helpful

What might be the problems?

Insufficient
Outdated
Unclear or awkward
Redundant or clumsy
Lack of context for the complex system or functionality

More suggestions

0/200

Please give us your feedback.

Submitted

Thank you for your feedback.

问题反馈