Editing an object ACL
Object Storage incorporates multiple mechanisms for managing access to resources. To learn how these mechanisms interact, see Access management methods in Object Storage: Overview.
To control access to an object in an Object Storage bucket, you can use an ACL.
-
In the management console
, select the appropriate folder. -
Select Object Storage.
-
Click the bucket name.
-
To edit an ACL, click
to the right of the object name and select Object ACL.You can also click the object name, click
on the page that opens, and select Object ACL. -
In the ACL editing window that opens, grant or revoke the appropriate permissions.
Terraform
For more information about the provider resources, see the documentation on the Terraform
If you change the configuration files, Terraform automatically detects which part of your configuration is already deployed, and what should be added or removed.
If you don't have Terraform, install it and configure the Yandex Cloud provider.
To edit an object ACL:
-
Open the Terraform configuration file and add the
acl
parameter to the object description.... resource "yandex_storage_object" "cute-cat-picture" { access_key = "<static_key_ID>" secret_key = "<secret_key>" bucket = "cat-pictures" key = "cute-cat" source = "/images/cats/cute-cat.jpg" acl = "public-read" } ...
Where:
access_key
: ID of the static access key.secret_key
: Secret access key value.acl
: Predefined ACL of an object. The default value isprivate
: Yandex Cloud users get permissions based on their roles in IAM.
For more information about the
yandex_storage_object
resource parameters in Terraform, see the provider documentation . -
Check the configuration using this command:
terraform validate
If the configuration is correct, you will get this message:
Success! The configuration is valid.
-
Run this command:
terraform plan
The terminal will display a list of resources with parameters. No changes will be made at this step. If the configuration contains any errors, Terraform will point them out.
-
Apply the configuration changes:
terraform apply
-
Confirm the changes: type
yes
into the terminal and press Enter.You can verify the change to a security group in the management console
.
To edit an ACL object, use the objectPutAcl S3 API method.
To upload an object with an ACL set, use the upload S3 API method with the X-Amz-Acl
, X-Amz-Grant-Read
, X-Amz-Grant-Read-Acp
, X-Amz-Grant-Write-Acp
, and X-Amz-Grant-Full-Control
headers.