Details About Actions and Conditions

Actions are classified into three types according to the object they operate on: General, Object, and Bucket. Table 1 provides the details.

Table 1 Action and its meaning

| Type | Value | Description |
|---|---|---|
| General | * | The value supports a wildcard character (*) that indicates all operations can be performed. |
| General | Get* | The value supports a wildcard character (*) that indicates all GET operations can be performed. |
| General | Put* | The value supports a wildcard character (*) that indicates all PUT operations can be performed. |
| General | List* | The value supports a wildcard character (*) that indicates all LIST operations can be performed. |
| Object | GetObject | Obtains the object and its metadata. |
| Object | GetObjectVersion | Obtains the object of a specified version and its metadata. |
| Object | PutObject | Performs PUT upload, POST upload, multipart upload, initialization of uploaded parts, and merging of parts. |
| Object | GetObjectAcl | Obtains the object ACL information. |
| Object | GetObjectVersionAcl | Obtains the ACL information of a specified object version. |
| Object | PutObjectAcl | Configures the ACL for an object. |
| Object | PutObjectVersionAcl | Configures the ACL for a specified object version. |
| Object | DeleteObject | Deletes objects. |
| Object | DeleteObjectVersion | Deletes a specified object version. |
| Object | ListMultipartUploadParts | Lists uploaded parts. |
| Object | AbortMultipartUpload | Cancels a multipart upload task. |
| Bucket | DeleteBucket | Deletes a bucket. |
| Bucket | ListBucket | Lists objects in a bucket, and gets the bucket metadata. |
| Bucket | ListBucketVersions | Lists object versions in a bucket. |
| Bucket | ListBucketMultipartUploads | Lists multipart upload tasks. |
| Bucket | GetBucketAcl | Obtains the ACL information of a bucket. |
| Bucket | PutBucketAcl | Configures the ACL for a bucket. |
| Bucket | GetBucketCORS | Obtains the CORS configuration of a bucket. |
| Bucket | PutBucketCORS | Configures CORS for a bucket. |
| Bucket | GetBucketVersioning | Obtains the versioning information of a bucket. |
| Bucket | PutBucketVersioning | Configures versioning. |
| Bucket | GetBucketLocation | Obtains the bucket location. |
| Bucket | GetBucketPolicy | Obtains the bucket policy information. |
| Bucket | DeleteBucketPolicy | Deletes a bucket policy. |
| Bucket | PutBucketPolicy | Configures a bucket policy. |
| Bucket | GetBucketLogging | Obtains the bucket logging information. |
| Bucket | PutBucketLogging | Configures the bucket logging. |
| Bucket | GetBucketWebsite | Obtains the static website hosting information of a bucket. |
| Bucket | PutBucketWebsite | Configures the static website hosting for a bucket. |
| Bucket | DeleteBucketWebsite | Cancels the static website hosting configuration of a bucket. |
| Bucket | GetLifecycleConfiguration | Obtains the lifecycle rule of a bucket. |
| Bucket | PutLifecycleConfiguration | Configures the lifecycle rule for a bucket. |

Table 2 lists the general types of Condition that you can specify in a bucket policy:

Table 2 Condition operators and their meanings

| Type | Key | Description |
|---|---|---|
| String | StringEquals | Strict matching. Short version: streq |
| String | StringNotEquals | Strict negated matching. Short version: strneq |
| String | StringEqualsIgnoreCase | Strict matching, ignoring case. Short version: streqi |
| String | StringNotEqualsIgnoreCase | Strict negated matching, ignoring case. Short version: strneqi |
| String | StringLike | Loose case-insensitive matching. The values can include a multi-character match wildcard (*) or a single-character match wildcard (?) anywhere in the string. Short version: strl |
| String | StringNotLike | Negated loose case-insensitive matching. The values can include a multi-character match wildcard (*) or a single-character match wildcard (?) anywhere in the string. Short version: strnl |
| Numeric | NumericEquals | Strict matching. Short version: numeq |
| Numeric | NumericNotEquals | Strict negated matching. Short version: numneq |
| Numeric | NumericLessThan | "Less than" matching. Short version: numlt |
| Numeric | NumericLessThanEquals | "Less than or equals" matching. Short version: numlteq |
| Numeric | NumericGreaterThan | "Greater than" matching. Short version: numgt |
| Numeric | NumericGreaterThanEquals | "Greater than or equals" matching. Short version: numgteq |
| Date | DateEquals | Strict matching. Short version: dateeq |
| Date | DateNotEquals | Strict negated matching. Short version: dateneq |
| Date | DateLessThan | A point in time at which a key stops taking effect. Short version: datelt |
| Date | DateLessThanEquals | A point in time at which a key stops taking effect. Short version: datelteq |
| Date | DateGreaterThan | A point in time at which a key starts taking effect. Short version: dategt |
| Date | DateGreaterThanEquals | A point in time at which a key starts taking effect. Short version: dategteq |
| Boolean | Bool | Strict Boolean matching |
| IP address | IpAddress | Approval based on the IP address or range |
| IP address | NotIpAddress | Denial based on the IP address or range |

A Condition can contain either of two types of keys: general keys and action-specific keys.

Table 3 General keys

| Key | Type | Description |
|---|---|---|
| CurrentTime | Date | Indicates the date when the request is received by the server. The date format must comply with ISO 8601. |
| EpochTime | Numeric | Indicates the time when the request is received by the server, expressed as seconds since 1970.1.1 00:00:00 UTC, ignoring leap seconds. |
| SecureTransport | Bool | Indicates whether the request uses SSL. |
| SourceIp | IP address | Source IP address from which the request is sent. |
| UserAgent | String | Client software agent that sent the request. |
| Referer | String | Indicates the link from which the request is sent. |
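How the action wildcards in Table 1, the condition operators in Table 2 and the general keys in Table 3 combine when a request is checked against one policy statement, as an added example that is not OBS code. The statement layout (Action list plus a Condition map of operator, key and values), the rule that any listed value may match while every key must hold, and the treatment of a missing key are assumptions; only a subset of the operators is implemented.

```python
import fnmatch
import ipaddress
from datetime import datetime

def _like(pattern, value):
    # StringLike ignores case; only * and ? are wildcards, so neutralise "[".
    return fnmatch.fnmatchcase(value.lower(), pattern.lower().replace("[", "[[]"))

def _date(text):
    return datetime.fromisoformat(text.replace("Z", "+00:00"))

def _in_range(cidr, ip):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr, strict=False)

POSITIVE = {  # subset of Table 2; arguments are (policy value, request value)
    "StringEquals": lambda want, got: got == want,
    "StringLike": _like,
    "NumericLessThan": lambda want, got: float(got) < float(want),
    "DateLessThan": lambda want, got: _date(got) < _date(want),
    "Bool": lambda want, got: str(got).lower() == str(want).lower(),
    "IpAddress": _in_range,
}
NEGATED = {"StringNotEquals": "StringEquals", "StringNotLike": "StringLike",
           "NotIpAddress": "IpAddress"}

def condition_holds(op, wanted, actual):
    values = wanted if isinstance(wanted, list) else [wanted]
    if op in NEGATED:  # negated form: none of the listed values may match
        return not any(POSITIVE[NEGATED[op]](w, actual) for w in values)
    return any(POSITIVE[op](w, actual) for w in values)

def statement_applies(stmt, action, ctx):
    # Action patterns follow Table 1: exact names or *, Get*, Put*, List*.
    if not any(fnmatch.fnmatchcase(action, a) for a in stmt["Action"]):
        return False
    for op, keys in stmt.get("Condition", {}).items():
        for key, wanted in keys.items():
            # Assumption: a key missing from the request never satisfies a condition.
            if key not in ctx or not condition_holds(op, wanted, ctx[key]):
                return False
    return True

# Constructed sample statement and request context (documentation IP ranges).
STATEMENT = {"Effect": "Allow", "Action": ["Get*", "ListBucket"], "Condition": {
    "Bool": {"SecureTransport": "true"},
    "IpAddress": {"SourceIp": ["192.0.2.0/24", "198.51.100.7"]},
    "DateLessThan": {"CurrentTime": "2030-01-01T00:00:00Z"},
    "StringNotLike": {"UserAgent": "*curl*"}}}
REQUEST = {"SecureTransport": True, "SourceIp": "192.0.2.44",
           "CurrentTime": "2025-06-01T12:00:00Z", "UserAgent": "obs-sdk/3.0"}
```

Note that Get* in the sample also covers GetObjectAcl and GetBucketPolicy, which is why a wildcard action is usually paired with SecureTransport and SourceIp conditions as shown.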

Table 4 OBS action keys

| Action | Optional Key | Description |
|---|---|---|
| ListBucket | prefix | Type: String. Lists objects that begin with the specified prefix. |
| ListBucket | delimiter | Type: String. Groups objects in a bucket. |
| ListBucket | max-keys | Type: Numeric. Sets the maximum number of objects. Returned objects are listed in alphabetic order. |
| ListBucketVersions | prefix | Type: String |
| ListBucketVersions | delimiter | Type: String |
| ListBucketVersions | max-keys | Type: Numeric |
| PutBucketAcl | acl | x-amz-acl can contain the canned ACL. Valid values: private, public-read, public-read-write, authenticated-read, bucket-owner-read, bucket-owner-full-control, log-delivery-write |
| PutObject | acl | x-amz-acl can contain the canned ACL. Valid values: private, public-read, public-read-write, authenticated-read, bucket-owner-read, bucket-owner-full-control, log-delivery-write |
| PutObject | copysource | Type: String. Specifies names of the source bucket and the source object. Format: /bucketname/keyname |
| PutObject | metadatadirective | Type: String. Specifies whether to copy the metadata from the source object or replace with the metadata in the request. Values: COPY, REPLACE |
| PutObjectAcl | acl | x-amz-acl can contain the canned ACL. Valid values: private, public-read, public-read-write, authenticated-read, bucket-owner-read, bucket-owner-full-control, log-delivery-write |
| GetObjectVersion | VersionId | Type: String. Indicates the version of the object. |
| GetObjectVersionAcl | VersionId | Type: String |
| PutObjectVersionAcl | VersionId | Type: String |
| PutObjectVersionAcl | acl | x-amz-acl can contain the canned ACL. Valid values: private, public-read, public-read-write, authenticated-read, bucket-owner-read, bucket-owner-full-control, log-delivery-write |
| DeleteObjectVersion | VersionId | Type: String. Indicates the version of the object. |
