Define Object ACL
Components
- Bucket Name
- Object Name
- .NET
- PHP
- Python
- Javascript
- GO
using Amazon;
using Amazon.S3;
using Amazon.S3.Model;
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
namespace PutObjectAcl
{
class PutObjectAcl
{
private const string bucketName = "<BUCKET_NAME>";
private const string objectName = "<OBJECT_NAME>";
private const string acl = "private"; // private or public-read
private static IAmazonS3 _s3Client;
public static void Main()
{
var awsCredentials = new Amazon.Runtime.BasicAWSCredentials("<ACCESS-KEY>", "<SECRET-KEY>");
var config = new AmazonS3Config { ServiceURL = "<ENDPOINT>" };
_s3Client = new AmazonS3Client(awsCredentials, config);
PutObjectAclAsync().Wait();
}
private static async Task PutObjectAclAsync()
{
try
{
// Set a new ACL.
PutACLResponse response = await _s3Client.PutACLAsync(new PutACLRequest
{
BucketName = bucketName,
Key = objectName,
CannedACL = acl == "private" ? S3CannedACL.Private : S3CannedACL.PublicRead, // S3CannedACL.PublicRead or S3CannedACL.Private
});
Console.WriteLine($"Access-list {acl} added to {objectName} object");
}
catch (AmazonS3Exception amazonS3Exception)
{
Console.WriteLine("An AmazonS3Exception was thrown. Exception: " + amazonS3Exception.ToString());
}
catch (Exception e)
{
Console.WriteLine("Exception: " + e.ToString());
}
}
}
}
<?php
require('client.php');
$bucket = $config['sample_bucket'];
$key = 'file-uploaded-from-php-sdk.png';
// Use acl subresource to set the access control list (ACL) permissions
// for an object that already exists in a bucket
$params = [
'ACL' => 'public-read', // or private
'Bucket' => $bucket,
'Key' => $key,
];
try {
$resp = $client->putObjectAcl($params);
echo "Succeed in setting object ACL.\n";
} catch (AwsException $e) {
// Display error message
echo $e->getMessage();
echo "\n";
}
import boto3
import logging
from botocore.exceptions import ClientError
# Configure logging
logging.basicConfig(level=logging.INFO)
try:
# S3 resource
s3_resource = boto3.resource(
's3',
endpoint_url='endpoint_url',
aws_access_key_id='access_key',
aws_secret_access_key='secret_key'
)
except Exception as exc:
logging.error(exc)
else:
try:
bucket_name = 'sample_bucket_name'
object_name = 'sample_object_name'
bucket = s3_resource.Bucket(bucket_name)
object_acl = bucket.Object(object_name).Acl()
logging.info(f"Old Object's ACL: {object_acl.grants}")
# update object's ACL
object_acl.put(ACL='public-read') # ACL='private'|'public-read'
object_acl.reload()
logging.info(f"New Object's ACL: {object_acl.grants}")
except ClientError as e:
logging.error(e)
// Import required AWS SDK clients and commands for Node.js
const { S3Client, PutObjectAclCommand } = require('@aws-sdk/client-s3');
// Create an S3 client service object
const s3 = new S3Client({
region: 'default',
endpoint: 'endpoint_url',
credentials: {
accessKeyId: 'access_key',
secretAccessKey: 'secret_key',
},
});
const run = async () => {
try {
const response = await s3.send(
new PutObjectAclCommand({
Bucket: 'sample_bucket',
ACL: 'private',
Key: 'file.png',
})
);
console.log('Success', response);
} catch (err) {
console.log('Error', err);
}
};
run();
package main
import (
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/credentials"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/aws/aws-sdk-go/service/s3"
"fmt"
"os"
)
// Allows person with EMAIL address PERMISSION access to BUCKET OBJECT
// If PERMISSION is missing, they get READ access.
//
// Usage:
// go run s3_put_bucket_acl.go BUCKET OBJECT ACL
func main() {
if len(os.Args) < 4 {
exitErrorf("Bucket name, object name, and acl: go run", os.Args[0], "BUCKET OBJECT ACL")
}
bucket := os.Args[1]
key := os.Args[2]
acl := os.Args[3]
// Initialize a session in us-west-2 that the SDK will use to load
// credentials from the shared credentials file ~/.aws/credentials.
sess, err := session.NewSession(&aws.Config{
Credentials: credentials.NewStaticCredentials("<ACCESS_KEY>", "<SECRET_KEY>", ""),
})
svc := s3.New(sess, &aws.Config{
Region: aws.String("default"),
Endpoint: aws.String("<ENDPOINT_URL>"),
})
params := &s3.PutObjectAclInput{
Bucket: &bucket,
Key: &key,
ACL: aws.String(acl), // private or public-read
}
// Set bucket ACL
_, err = svc.PutObjectAcl(params)
if err != nil {
exitErrorf(err.Error())
}
fmt.Println("Congratulations. You put", acl, "access-list to bucket", bucket, "object", key)
}
func exitErrorf(msg string, args ...interface{}) {
fmt.Fprintf(os.Stderr, msg+"\n", args...)
os.Exit(1)
}
The following command can be used to execute the aforementioned code, presuming the code file is called s3_put_bucket_acl.go:
go run s3_put_bucket_acl.go BUCKET OBJECT ACL