Adding Bucket Policies

Last updated: 2019-07-10 15:11:31



You can add a policy to a bucket in the COS Console to allow or forbid an account, IP, or IP range to access the COS resources. For more information about bucket policy and samples, see Access Policy Overview and Bucket Policy Samples. The following section will guide you through how to add a bucket policy.

For each root account, the total number of created object ACLs, bucket ACLs, and bucket policies cannot exceed 1,000.


  1. Log in to the COS Console.
  2. In the left sidebar, click Bucket List.
  3. Select the bucket to which to add a bucket policy and enter it.
  4. Click Permission Management and find Bucket Policy. COS supports adding the bucket policy through Generator and Strategy grammer, which you can choose as you like.
    • Graphic settings
      Below is an example:
    • Strategy grammar
      Click Edit and enter the policy syntax you define. COS provides policy syntax for a rich variety of scenarios. For more information, see Bucket Policy Samples.
  5. After confirming that the configuration information is correct, click OK or Save. At this point, sub-account can only access the resource range set by the policy after logging in to the COS Console.