How to create and manage bucket policies using the console

Scaleway Object Storage allows you to create bucket policies directly from the Scaleway console.

To create and apply a bucket policy from the AWS CLI, refer to the dedicated documentation.

A bucket policy is a resource-based policy option. It allows you to grant more granular access to Object Storage resources.

By default, all Object Storage resources in a Project are private and can be accessed only by users or applications with IAM permissions. Adding a bucket policy to a bucket allows you to specify who can perform which actions on a bucket and the objects it contains. You can combine the different elements of a bucket policy to tailor your permissions according to your use case.

Before you start

To complete the actions presented below, you must have:

• A Scaleway account logged into the console
• Owner status or IAM permissions allowing you to perform actions in the intended Organization
• Created a bucket

How to create a bucket policy

1. Click Object Storage on the left side menu of the console. The Object Storage dashboard displays.

2. Click the Bucket policies tab, then click + Create bucket policy. A creation form displays.

3. Enter a name for your bucket policy.

4. Select the bucket to which you want to apply the policy.

   Note

   • You can only apply a policy to a single bucket, but you can duplicate an existing policy and apply it to another bucket.
   • If you change the target bucket of an existing policy, the bucket policy will be removed from the original bucket, and applied to the selected bucket.

5. Select your preferred creation method:

   • The policy generator to add statements using a form.

   • The JSON editor to manually write or paste your bucket policy in a code editor.

   Note

   Refer to the dedicated documentation on bucket policies overview and combining IAM and bucket policies for more information on how to build a bucket policy.

6. Keep the Maintain access to bucket box ticked to prevent accidental lockout from your bucket. By default, the bucket policy contains a secure statement that allows every action to the user creating the policy.

7. Create a statement by entering the following information:

8. (Optional) Click + Add statement, and repeat the previous step to add another statement to your bucket policy.

9. Review your bucket policy using the JSON preview.

10. Click Create bucket policy to create it, and apply it to the selected bucket.

Bucket policy example

Below is an example of a bucket policy generated using the console. For more information on each element of a bucket policy, refer to the dedicated documentation.

{
  "Id": "my-bucket-policy",
  "Version": "2023-04-17",
  "Statement": [
    {
      "Principal": {
        "SCW": [
          "user_id:example-c5cc-4862-8506-e09dfe5b9d1c",
          "application_id:example-3967-f6rc-2064-b9d1ce09dfe5",
        ]
      },
      "Sid": "my-statement-1",
      "Action": [
        "s3:DeleteObject",
        "s3:DeleteObjectTagging",
        "s3:GetBucketTagging",
        "s3:GetObject"
      ],
      "Effect": "Allow",
      "Resource": [
        "my-bucket",
        "my-bucket/photos/*"
      ],
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "192.0.2.0/24"
        }
      }
    },
    {
      "Principal": {
        "SCW": [
          "application_id:example-c5cc-4862-8506-e0969drses3d"
        ]
      },
      "Sid": "my-statement-2",
      "Action": [
        "s3:PutObject",
        "s3:PutBucketTagging",
        "s3:PutBucketVersioning"
      ],
      "Effect": "Allow",
      "Resource": [
        "my-bucket",
        "my-bucket/documents/*"
      ],
      "Condition": {
        "StringLike": {
          "aws:Referer": "https://console.scaleway.com/*"
        }
      }
    }
  ]
}

How to edit a bucket policy

1. Click Object Storage on the left side menu of the console. The Object Storage dashboard displays.

2. Click the Bucket policies tab.

3. Click the name of the bucket policy you want to edit.

4. Click Edit policy.

How to apply an existing policy to another bucket

The Scaleway console allows you to duplicate an existing policy, and apply it to another bucket.

1. Click Object Storage on the left side menu of the console. The Object Storage dashboard displays.

2. Click the Bucket policies tab.

3. Click the name of the bucket policy you want to apply to another bucket.

4. Click Apply to another bucket. A pop-up appears.

5. Select a bucket from the drop-down menu, then enter a name for the policy.

6. Click Apply policy.

How to delete a bucket policy

1. Click Object Storage on the left side menu of the console. The Object Storage dashboard displays.

2. Click the Bucket policies tab.

3. Click the name of the bucket policy you want to delete.

4. Click Delete policy to permanently delete it.

Troubleshooting

• If you accidentally lost access to your bucket after applying a bucket policy, refer to the dedicated troubleshooting page.

• If an error displays upon validating your bucket policy, make sure that it is properly formatted. Refer to the bucket policies overview for more information on the syntax of each element.