Jump toUpdate content

Using bucket policies

Reviewed on 29 June 2022Published on 17 January 2021

A bucket policy is a resource-based policy option. It allows users to grant access to buckets in other Scaleway projects and organizations.

By default, all Object Storage resources in a project are private and can be accessed only by users of said project. Adding a bucket policy to a bucket allows you to grant access to outside users. You can use different combinations of the policy’s component strings to customize your permissions for different purposes as required.

How to apply a bucket policy

  1. Create the bucket-policy.json file in your environment using a text editor, such as nano or vim. You can edit the contents of the configuration according to your preference. Refer to Understanding bucket policies for more details about each string.
{
"Version": "2012-10-17",
"Id": "MyBucketPolicy",
"Statement": [
{
"Sid": "DelegateAccess",
"Effect": "Allow",
"Principal": {
"SCW": "project_id:<PROJECT_ID>"
},
"Action": [
"s3:ListBucket",
"s3:GetObject"
],
"Resource": [
"<BUCKET_NAME>",
"<BUCKET_NAME>/*"
]
}
]
}

  1. Run the command below to apply the policy. Replace <BUCKET_NAME> by the name of your bucket.
aws s3api put-bucket-policy --bucket <BUCKET_NAME> --policy file://bucket-policy.json

How to import a copy of objects from a bucket in a different project

Import a copy of your objects in a bucket to another bucket using the AWS-CLI.

See related content.

How to manage bucket permissions for IP addresses or ranges of IP

You can stipulate which IP addresses or IP ranges have access or permission to perform S3 operations on your buckets by creating a bucket policy with the IpAddress or NotIpAddress conditions.

See related content.

How to share buckets in read-only mode

It is possible to implement a bucket policy to grant a Scaleway organization or project viewing rights to a bucket in a different project.

See related content.

See Also