- 下面是一个定义Referer Policy的例子
{
"Version":"2012-10-17",
"Id":"http referer policy example",
"Statement":[
{
"Sid":"Allow get requests referred by www.mysite.com , mysite.com and empty referer",
"Effect":"Allow",
"Principal":{ "CTYUN": ["*"] },
"Action":"oos:*",
"Resource":"arn:ctyun:oos:::example-bucket/*",
"Condition":{
"StringLike":{
"ctyun:Referer":[
"http://www.mysite.com/*",
"http://mysite.com/*",
""
]
}
}
}
]
}
- 下面是一个定义IP Policy的例子
{
"Version": "2012-10-17",
"Id": "PolicyId1",
"Statement": [
{
"Sid": "IPAllow",
"Effect": "Allow",
"Principal": {
"CTYUN": "*"
},
"Action": "oos:*",
"Resource": "arn:ctyun:oos:::example-bucket /*",
"Condition" : {
"IpAddress" : {
"ctyun:SourceIp": "192.168.143.0/24"
},
"NotIpAddress" : {
"ctyun:SourceIp": "192.168.143.188/32"
}
}
}
]
}
-
下面的例子可向匿名用户授予公共读权限
下面的示例策略向任何公用匿名用户授予oos:GetObject权限。此权限允许任何人读取对象数据,当用户将Bucket配置为网站并且希望每个人都能读取存储桶中的对象时,此配置十分有用。可以将bucket设置为私有,然后配置以下Bucket策略。
{
"Version":"2012-10-17",
"Statement":[
{
"Sid":"AddPerm",
"Effect":"Allow",
"Principal":{ "CTYUN": ["*"] },
"Action":["oos:GetObject"],
"Resource":["arn:ctyun:oos:::examplebucket/*"]
}
]
}