Editing a bucket ACL
In addition to IAM, Object Storage supports access control using ACLs.
- In the management console, select the appropriate folder.
- Select Object Storage.
- To edit the ACL, click to the right of the bucket name and select Bucket ACL. You can also click the bucket name and then click Bucket ACL on the page that opens.
- In the Edit ACL window, grant or revoke the desired permissions.
If you don't have Terraform yet, install it and configure the Yandex Cloud provider.
Before you start, get static access keys: a private key and key ID used for authentication in Object Storage.
- In the configuration file, describe the parameters of resources that you want to create:
  - access_key: The ID of the static access key.
  - secret_key: The value of the private access key.
  - bucket: Bucket name. Required parameter.
  - grant: ACL access policy settings. Optional. For access management, use a service account with administrator rights.
    - id: User ID.
    - type: System group type.
    - permissions: Types of permissions according to the ACL.
    - uri: System group ID.
resource "yandex_storage_bucket" "test" {
  access_key = "<static key identifier>"
  secret_key = "<secret key>"
  bucket     = "<bucket name>"

  # Full control for a single user, identified by user ID
  grant {
    id          = "<user ID>"
    type        = "CanonicalUser"
    permissions = ["FULL_CONTROL"]
  }

  # READ and WRITE for the AllUsers system group
  grant {
    type        = "Group"
    permissions = ["READ", "WRITE"]
    uri         = "http://acs.amazonaws.com/groups/global/AllUsers"
  }
}
For more information about the resources you can create using Terraform, see the provider documentation.
- Make sure that the configuration files are correct.
  - In the command line, go to the directory where you created the configuration file.
  - Run the check using the command:
    terraform plan
  If the configuration is described correctly, the terminal displays a list of created resources and their parameters. If there are errors in the configuration, Terraform points them out.
- Deploy the cloud resources.
  - If the configuration doesn't contain any errors, run the command:
    terraform apply
  - Confirm that you want to create the resources.
  Afterwards, all the necessary resources are created in the specified folder. You can check resource availability and their settings in the management console.
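The sample configuration grants READ and WRITE to the AllUsers group, so it is worth flagging such grants between terraform plan and terraform apply. The check below is an added example, not part of the original documentation or the provider: it scans the JSON form of a saved plan (terraform plan -out=tfplan, then terraform show -json tfplan) for yandex_storage_bucket grants to public system groups. The function name public_grants and the sample plan values are constructed for illustration, and the AuthenticatedUsers URI is an assumption that does not come from this page.

```python
import json
import sys

# Public system groups. AllUsers is the URI used on this page; the
# AuthenticatedUsers URI is an assumption (S3-style companion group).
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "all internet users",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any authenticated user",
}
RISKY = {"WRITE", "FULL_CONTROL"}  # grantee can modify bucket contents


def public_grants(plan):
    """Find public-group grants in a dict parsed from `terraform show -json`."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "yandex_storage_bucket":
            continue
        after = (rc.get("change") or {}).get("after") or {}  # null when destroying
        for grant in after.get("grant") or []:
            uri = grant.get("uri")
            if grant.get("type") != "Group" or uri not in PUBLIC_GROUPS:
                continue
            perms = set(grant.get("permissions") or [])
            findings.append({
                "address": rc.get("address"),
                "grantee": PUBLIC_GROUPS[uri],
                "permissions": sorted(perms),
                "severity": "high" if perms & RISKY else "medium",
            })
    return findings


# Constructed sample: plan JSON shape for the configuration shown above.
SAMPLE_PLAN = {"resource_changes": [{
    "address": "yandex_storage_bucket.test",
    "type": "yandex_storage_bucket",
    "change": {"actions": ["create"], "after": {"grant": [
        {"id": "example-user-id", "type": "CanonicalUser",
         "permissions": ["FULL_CONTROL"], "uri": None},
        {"id": None, "type": "Group", "permissions": ["READ", "WRITE"],
         "uri": "http://acs.amazonaws.com/groups/global/AllUsers"},
    ]}},
}]}

if __name__ == "__main__":
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    for f in public_grants(plan):
        print(f"[{f['severity']}] {f['address']}: "
              f"{', '.join(f['permissions'])} granted to {f['grantee']}")
```

Run it with the path to the plan JSON as the only argument; with no argument it reports on the constructed sample.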