Data schema
Updated at December 27, 2024
Data schema in JSON format:
```
{
  "Version" : "string",
  "Id" : "string",
  "Statement" : [
    {
      "Sid" : "string",
      ("Principal" | "NotPrincipal") : ("*" | "CanonicalUser" : [
        "string",
        ...
      ]),
      "Effect" : ("Allow" | "Deny"),
      "Action" : ("*" | [
        "string",
        ...
      ]),
      "Resource" : ("*" | [
        "string",
        ...
      ]),
      "Condition" : {
        "condition_type_string" : {
          "condition_key_string" : [[("string" | "number" | "Boolean"),...]...]
        },
        ...
      }
    },
    ...
  ]
}
```
A schema can include up to 10,240 characters.
Description of schema parameters:
Parameter | Description |
---|---|
Version | (Optional) string Bucket policy description version. Examples of values: 2012-10-17. |
Id | (Optional) string General policy information. Some Yandex Cloud services require this value to be unique. The parameter is specified by the user. Examples of values: test-policy, Anonymous access policy, hrtk43sau2s8gqkaje06. |
Statement[]. | array Bucket policy rules. If a bucket policy with no rules is applied to the bucket, access is denied to all users. To disable request verification for a bucket policy, delete it. |
Statement[].Sid | string (Optional) Rule ID. The parameter is specified by the user. Examples of values: test-rule, Statement Allow, Statement Deny. |
Statement[].Principal | string (Optional) Requested permission subject ID. You can request permissions for a user or service account. Possible values: * and <subject_ID>. |
Statement[].NotPrincipal | string (Optional) ID of the subject that will not get the requested permission. The possible subjects are: user or service account. Possible values: <subject_ID>. |
Statement[].Effect | string Denies or allows the requested action. Possible values: Allow, Deny. |
Statement[].Action | string Action to perform when the policy is triggered. Possible values: s3:GetObject, s3:PutObject. |
Statement[].Resource | string Resource to perform the action on. The possible values are: arn:aws:s3:::samplebucket and arn:aws:s3:::samplebucket/*. |
Statement[].Condition{}. | string (Optional) Condition to check. If multiple conditions are set for one rule, they are combined with AND logic: the rule is executed only if all the specified conditions are satisfied at the same time. The aws:sourceip condition supports a special procedure for verifying reverse proxy server IP addresses. |
Statement[].Condition{}.condition_type_string{}. | string Condition type. Possible values: StringEquals, Bool. For a full list of values, see Comparison operators. |
Statement[].Condition{}.condition_type_string{}.condition_key_string | string Condition key. The condition whose value will be checked. Possible values: aws:PrincipalType, true. If multiple keys are set for one condition, they are checked with AND logic: the rule is executed only if all the specified attributes are satisfied at the same time. If multiple values are set for one condition key, they are checked with OR logic: the condition key may satisfy any one of the specified values for the rule to be executed. |
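
The AND/OR rules for Condition described in the table, as an added example (not Yandex Cloud code): a simplified Python model that covers only the StringEquals and Bool condition types. The keys example:tag and example:flag and all sample values are constructed placeholders, and treating a key that is missing from the request context as a non-match is an assumption.

```python
# Simplified model of how a Condition block is combined, per the table above.
# Added example, not Yandex Cloud code. Only StringEquals and Bool are modelled.

def _string_equals(actual, allowed):
    return str(actual) in [str(v) for v in allowed]

def _bool(actual, allowed):
    # Policy values may be written as true or "true"; normalise before comparing.
    return str(actual).lower() in {str(v).lower() for v in allowed}

OPERATORS = {"StringEquals": _string_equals, "Bool": _bool}

def condition_matches(condition, context):
    """AND across condition types and across keys; OR across a key's values."""
    for cond_type, keys in condition.items():
        op = OPERATORS.get(cond_type)
        if op is None:
            raise ValueError(f"condition type not modelled: {cond_type}")
        for key, values in keys.items():
            if not isinstance(values, list):
                values = [values]          # accept a single value as a one-item list
            actual = context.get(key)
            # Assumption: a key absent from the request context does not match.
            if actual is None or not op(actual, values):
                return False               # one failed key fails the whole rule
    return True

# Constructed sample. Only aws:PrincipalType is a key named on this page;
# the other keys and every value are placeholders.
SAMPLE_CONDITION = {
    "StringEquals": {
        "aws:PrincipalType": ["TypeA", "TypeB"],   # OR: either value matches
        "example:tag": ["blue"],                   # AND with the key above
    },
    "Bool": {"example:flag": ["true"]},            # AND with StringEquals
}

if __name__ == "__main__":
    ok = {"aws:PrincipalType": "TypeB", "example:tag": "blue", "example:flag": True}
    print(condition_matches(SAMPLE_CONDITION, ok))                               # all satisfied
    print(condition_matches(SAMPLE_CONDITION, {**ok, "example:flag": False}))    # Bool fails
```

A rule whose Condition does not match is simply not applied to the request, so a Deny rule with a narrow condition protects less than it may appear to.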