Yandex Cloud
  • Services
  • Solutions
  • Why Yandex Cloud
  • Pricing
  • Documentation
  • Contact us
Get started
Language / Region
© 2022 Yandex.Cloud LLC
Yandex Object Storage
  • Getting started
  • Step-by-step instructions
    • All instructions
    • Buckets
      • Creating a bucket
      • Deleting a bucket
      • Limiting the maximum size of a bucket
      • Allowing public access to a bucket
      • Bucket encryption
      • Managing object lifecycles
      • Managing CORS configurations
      • Managing bucket policies
      • Managing bucket versioning
      • Editing a bucket ACL
      • Enabling logging
    • Objects
      • Uploading an object
      • Getting information about an object
      • Downloading an object
      • Getting a public link to an object
      • Deleting an object
      • Deleting all objects
      • Deleting a partially uploaded object
      • Editing an object ACL
    • Static website hosting
      • Hosting setup
      • Support for your own domain
      • Support for multiple domain names
      • Configuring HTTPS
    • Access management
      • Applying an access policy
  • Practical guidelines
    • Getting object query statistics with S3 Select
    • Getting website traffic statistics with S3 Select
    • Generating a billing report with resource break-down using S3 Select
    • Server-side encryption
    • Integrating an L7 load balancer with the CDN and Object Storage
    • Blue-green and canary deployment
    • Analyzing logs in DataLens
  • Concepts
    • Overview
    • Bucket
    • Objects
    • Bucket versioning
    • Object lifecycles
    • CORS
    • Static website hosting
    • Pre-signed URLs
    • Multipart upload
    • Access control lists (ACLs)
    • Bucket Policy
    • Uploading files via an HTML form
    • Storage class
    • Logging actions with a bucket
    • Backups
    • TLS protocol
    • S3 Select query language
    • Quotas and limits
  • Tools
    • All tools
    • Console clients
      • AWS CLI
      • S3cmd
    • File browsers
      • CyberDuck
      • WinSCP
    • SDK
      • AWS SDK for Java
      • Python SDK (boto)
      • The AWS SDK for .NET
      • AWS SDK for C++
      • AWS SDK for PHP
      • AWS SDK for Go
    • FUSE
      • GeeseFS
      • s3fs
      • goofys
    • FTP
      • Docker container for (S)FTP(S)
  • API reference
    • REST (Amazon S3-compatible)
      • How to use the API
      • Signing requests
      • API reference
        • All services and methods
        • Bucket
          • All methods
          • create
          • getBucketEncryption
          • getMeta
          • listObjects
          • listBuckets
          • deleteBucket
          • deleteBucketEncryption
          • putBucketEncryption
          • putBucketVersioning
          • getBucketVersioning
          • putBucketLogging
          • getBucketLogging
          • listObjectVersions
        • Object
          • All methods
          • upload
          • get
          • copy
          • getObjectMeta
          • delete
          • deleteMultipleObjects
          • options
          • selectObjectContent
        • Multipart upload
          • General multipart upload procedure
          • startUpload
          • uploadPart
          • copyPart
          • listParts
          • abortUpload
          • completeUpload
          • listUploads
        • Static Website Hosting
          • All methods
          • upload
          • get
          • delete
          • Static website response codes
        • CORS
          • All methods
          • XML structure of CORS configuration
          • upload
          • get
          • delete
        • Lifecycles
          • All methods
          • XML structure of lifecycle configuration
          • upload
          • get
          • delete
        • ACL
          • All methods
          • XML structure of ACL configuration
          • objectGetAcl
          • objectPutAcl
          • bucketGetAcl
          • bucketPutAcl
        • Bucket Policy
          • All methods
          • GetBucketPolicy
          • PutBucketPolicy
          • DeleteBucketPolicy
          • Data schema
          • Actions
          • Conditions
        • Common request headers
        • Common response headers
        • Responses
    • gRPC and REST
      • Authentication in the API
      • gRPC
        • Overview
        • BucketService
        • OperationService
      • REST
        • Overview
        • Bucket
          • Overview
          • create
          • delete
          • deleteHTTPSConfig
          • get
          • getHTTPSConfig
          • getStats
          • list
          • setHTTPSConfig
          • update
  • Access management
  • Pricing policy
    • Current pricing policy
    • Archive
      • Before January 1, 2019
      • From January 1 to March 1, 2019
  • Questions and answers
  1. Step-by-step instructions
  2. Buckets
  3. Editing a bucket ACL

Editing a bucket ACL

Written by
Yandex Cloud

    In addition to IAM, Object Storage supports access control using ACLs.

    Management console
    Terraform
    1. In the management console, select the appropriate folder.

    2. Select Object Storage.

    3. To edit the ACL, click to the right of the bucket name and select Bucket ACL.

      You can also click the bucket name and then click Bucket ACL on the page that opens.

    4. In the Edit ACL window, grant or revoke the desired permissions.

    If you don't have Terraform yet, install it and configure the Yandex Cloud provider.

    Before you start, get static access keys: a private key and key ID used for authentication in Object Storage.

    1. In the configuration file, describe the parameters of resources that you want to create:

      • access_key: The ID of the static access key.

      • secret_key: The value of the private access key.

      • bucket: Bucket name. Required parameter.

      • grant: ACL access policy settings. Optional. For access management, use a service account with administrator rights.

        • id: User ID.
        • type: System group type.
        • permissions: Types of permissions according to the ACL.
        • uri: System group ID.
      resource "yandex_storage_bucket" "test" {
        access_key = "<static key identifier>"
        secret_key = "<secret key>"
        bucket = "<bucket name>"
        grant {
          id          = "<user ID>"
          type        = "CanonicalUser"
          permissions = ["FULL_CONTROL"]
        }
      
        grant {
          type        = "Group"
          permissions = ["READ", "WRITE"]
          uri         = "http://acs.amazonaws.com/groups/global/AllUsers"
        }
      }
      

      For more information about the resources you can create using Terraform, see the provider documentation.

    2. Make sure that the configuration files are correct.

      1. In the command line, go to the directory where you created the configuration file.

      2. Run the check using the command:

        terraform plan
        

      If the configuration is described correctly, the terminal displays a list of created resources and their parameters. If there are errors in the configuration, Terraform points them out.

    3. Deploy the cloud resources.

      1. If the configuration doesn't contain any errors, run the command:
      terraform apply
      
      1. Confirm that you want to create the resources.

      Afterwards, all the necessary resources are created in the specified folder. You can check resource availability and their settings in the management console.

    Was the article helpful?

    Language / Region
    © 2022 Yandex.Cloud LLC