This topic provides example policies that restrict access to OSS to specified IP addresses.
- The following policy adds an IP restriction to an `Allow` statement: it permits reading the information in `myphotos` from the two IP address ranges `192.168.0.0/16` and `172.16.0.0/12`.

  ```json
  {
    "Version": "1",
    "Statement": [
      {
        "Effect": "Allow",
        "Action": [
          "oss:ListBuckets",
          "oss:GetBucketStat",
          "oss:GetBucketInfo",
          "oss:GetBucketTagging",
          "oss:GetBucketAcl"
        ],
        "Resource": [
          "acs:oss:*:*:*"
        ]
      },
      {
        "Effect": "Allow",
        "Action": [
          "oss:ListObjects",
          "oss:GetObject"
        ],
        "Resource": [
          "acs:oss:*:*:myphotos",
          "acs:oss:*:*:myphotos/*"
        ],
        "Condition": {
          "IpAddress": {
            "acs:SourceIp": ["192.168.0.0/16", "172.16.0.0/12"]
          }
        }
      }
    ]
  }
  ```
- The following policy adds an IP restriction to a `Deny` statement: if the source IP address is not in `192.168.0.0/16`, all operations on OSS are denied.

  Note: Policy evaluation gives Deny precedence, so when a visitor accesses the content of `myphotos` from an IP address outside `192.168.0.0/16`, OSS reports that the visitor has no permission.

  ```json
  {
    "Version": "1",
    "Statement": [
      {
        "Effect": "Allow",
        "Action": [
          "oss:ListBuckets",
          "oss:GetBucketStat",
          "oss:GetBucketInfo",
          "oss:GetBucketTagging",
          "oss:GetBucketAcl"
        ],
        "Resource": [
          "acs:oss:*:*:*"
        ]
      },
      {
        "Effect": "Allow",
        "Action": [
          "oss:ListObjects",
          "oss:GetObject"
        ],
        "Resource": [
          "acs:oss:*:*:myphotos",
          "acs:oss:*:*:myphotos/*"
        ]
      },
      {
        "Effect": "Deny",
        "Action": "oss:*",
        "Resource": [
          "acs:oss:*:*:*"
        ],
        "Condition": {
          "NotIpAddress": {
            "acs:SourceIp": ["192.168.0.0/16"]
          }
        }
      }
    ]
  }
  ```
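
The Deny-first evaluation of the two policies, as an added example that is not part of the original page and is not Alibaba Cloud's implementation: a simplified Python model that handles only the `IpAddress` and `NotIpAddress` operators on `acs:SourceIp`. The function names, the region and account ID in `RES`, and the source IPs used with it are constructed for illustration.

```python
import ipaddress
from fnmatch import fnmatchcase

# Object-level statements of the two policies on this page, as Python dicts.
OBJ = {"Effect": "Allow", "Action": ["oss:ListObjects", "oss:GetObject"],
       "Resource": ["acs:oss:*:*:myphotos", "acs:oss:*:*:myphotos/*"]}
ALLOW_POLICY = {"Version": "1", "Statement": [
    {**OBJ, "Condition": {"IpAddress": {
        "acs:SourceIp": ["192.168.0.0/16", "172.16.0.0/12"]}}}]}
DENY_POLICY = {"Version": "1", "Statement": [
    OBJ,
    {"Effect": "Deny", "Action": "oss:*", "Resource": ["acs:oss:*:*:*"],
     "Condition": {"NotIpAddress": {"acs:SourceIp": ["192.168.0.0/16"]}}}]}
# Constructed sample resource (region and account ID are made up).
RES = "acs:oss:cn-hangzhou:1234567890:myphotos/cat.jpg"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _condition_ok(condition, source_ip):
    """True when every operator in the Condition block is satisfied."""
    ip = ipaddress.ip_address(source_ip)
    for operator, keys in condition.items():
        cidrs = _as_list(keys["acs:SourceIp"])
        inside = any(ip in ipaddress.ip_network(c) for c in cidrs)
        if operator == "IpAddress":
            if not inside:
                return False
        elif operator == "NotIpAddress":
            if inside:
                return False
        else:  # refuse to guess at operators this model does not cover
            raise ValueError(f"unsupported operator: {operator}")
    return True

def evaluate(policy, action, resource, source_ip):
    """Return 'Deny', 'Allow', or 'ImplicitDeny' when nothing matches."""
    decision = "ImplicitDeny"
    for st in policy["Statement"]:
        if not any(fnmatchcase(action, a) for a in _as_list(st["Action"])):
            continue
        if not any(fnmatchcase(resource, r) for r in _as_list(st["Resource"])):
            continue
        if not _condition_ok(st.get("Condition", {}), source_ip):
            continue
        if st["Effect"] == "Deny":
            return "Deny"  # an explicit Deny overrides any matching Allow
        decision = "Allow"
    return decision
```

Running both policies against the same source IPs shows the practical difference: `172.16.0.0/12` is allowed by the first policy but explicitly denied by the second, which lists only `192.168.0.0/16`.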