ACS-OSS-PutBucketPolicy_系统运维管理(OOS)-阿里云帮助中心

模板名称

ACS-OSS-PutBucketPolicy 设置存储空间授权策略

立即执行

模板描述

设置存储空间授权策略

模板类型

自动化

所有者

Alibaba Cloud

输入参数

参数名称	描述	类型	是否必填	默认值	约束
bucketName	OSS bucket 名称	String	是
bucketPolicy	存储空间授权策略	Json	是
regionId	地域ID	String	否	{{ ACS::RegionId }}
OOSAssumeRole	OOS扮演的RAM角色	String	否	""

输出参数

参数名称	描述	类型
policyInfo		Json

执行此模板需要的权限策略

{
    "Version": "1",
    "Statement": [
        {
            "Action": [
                "oss:GetBucketPolicy",
                "oss:PutBucketPolicy"
            ],
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}

详情

ACS-OSS-PutBucketPolicy详情

模板内容

FormatVersion: OOS-2019-06-01
Description:
  en: Put the bucket policy
  zh-cn: 设置存储空间授权策略
  name-en: ACS-OSS-PutBucketPolicy
  name-zh-cn: 设置存储空间授权策略
  categories:
    - security
Parameters:
  regionId:
    Type: String
    Label:
      en: RegionId
      zh-cn: 地域ID
    AssociationProperty: RegionId
    Default: '{{ ACS::RegionId }}'
  bucketName:
    Label:
      en: BucketName
      zh-cn: OSS bucket 名称
    Type: String
  bucketPolicy:
    Label:
      en: BucketPolicy
      zh-cn: 存储空间授权策略
    Description:
      en: (for example:{"Version":"1","Statement":[{"Action":["oss:PutObject","oss:GetObject"],"Effect":"Deny","Principal":["1234567890"],"Resource":["acs:oss:*:1234567890:*/*"]}]}).
      zh-cn: （例子：{"Version":"1","Statement":[{"Action":["oss:PutObject","oss:GetObject"],"Effect":"Deny","Principal":["1234567890"],"Resource":["acs:oss:*:1234567890:*/*"]}]}）。
    Type: Json
  OOSAssumeRole:
    Label:
      en: OOSAssumeRole
      zh-cn: OOS扮演的RAM角色
    Type: String
    Default: ''
RamRole: '{{ OOSAssumeRole }}'
Tasks:
  - Name: putBucketPolicy
    Action: 'ACS::ExecuteAPI'
    Description:
      en: Put the bucket policy
      zh-cn: 设置存储空间的授权策略
    Properties:
      Service: OSS
      API: PutBucketPolicy
      Method: PUT
      URI: '?policy'
      Headers:
        Content-MD5: ""
        Content-Type: application/json
      Parameters:
        BucketName: '{{ bucketName }}'
        RegionId: '{{ regionId }}'
      Body: '{{ bucketPolicy }}'
  - Name: waitBucketPolicy
    Action: 'ACS::WaitFor'
    Description:
      en: Wait for the authorization policy of the storage space to take effect
      zh-cn: 等待存储空间的授权策略生效
    Properties:
      Service: OSS
      API: GetBucketPolicy
      Method: GET
      URI: '?policy'
      Headers: {}
      Parameters:
        BucketName: '{{ bucketName }}'
        RegionId: '{{ regionId }}'
      DesiredValues:
        - '{{ bucketPolicy }}'
      PropertySelector: .
Outputs:
  policyInfo:
    Type: Json
    Value:
      bucketName: '{{ bucketName }}'
      bucketPolicy: '{{ bucketPolicy }}'