You can add a policy for a bucket via the COS console to allow/forbid an account, IP, or IP range to access the COS resources. For more information about bucket policy and examples, please see Access Policy Language Overview and Examples of Bucket Policies. The following describes how to add a bucket policy.
Each root account can create up to 1,000 bucket ACL rules.
You have created a bucket. For more information, please see Creating Buckets.
- Log in to the COS console.
- In the left sidebar, click Bucket List. Then, click the bucket for which you want to add a bucket.
- Click Permission Management > Permission Policy Settings. Then, you can add a bucket policy using Visual editor or JSON. For more information about the configuration items, please see Access Policy Language Overview.
- Visual editor
Below is an example:
Click Edit to input the user-defined policy syntax. COS provides policy syntax for various scenarios. For more information, please see Examples of Bucket Policies.
- Click Save. In this way, if a sub-account logs in to the COS console, it can only access resources allowed by the policy.