OSS 权限策略文件示例

示例1：
允许ip为 ip1,ip2的服务器对bucket1,bucket2进行读写

{
“Statement”: [
{
“Action”: “oss:*”,
“Effect”: “Allow”,
“Resource”: [
“acs:oss:::bucket1”,
“acs:oss:::bucket1/*”,
“acs:oss:::bucket2”,
“acs:oss:::bucket2/*”
],
“Condition”: {
“IpAddress”: {
“acs:SourceIp”: [
“ip1”,
“ip2”
]
}
}
}
],
“Version”: “1”
}

示例2：
允许ip为 ip1 的服务器对bucket1,bucket2进行读写

{
“Statement”: [
{
“Action”: “oss:*”,
“Effect”: “Allow”,
“Resource”: [
“acs:oss:::bucket1”,
“acs:oss:::bucket1/*”,
“acs:oss:::bucket2”,
“acs:oss:::bucket2/*”
],
“Condition”: {
“IpAddress”: {
“acs:SourceIp”: ｛
“ip1”｝
]
}
}
}
],
“Version”: “1”
}

示例3， 不加IP限制的
{
“Statement”: [
{
“Action”: “oss:*”,
“Effect”: “Allow”,
“Resource”: [
“acs:oss:::bucket1”,
“acs:oss:::bucket1/*”
]
}
],
“Version”: “1”
}

注意事项：
如果只有一个条件例用｛｝，如果多个条件则使用 []

编写一个合理的 OSS 策略文件能够有效的防止oss 拖库事件的发生