本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
# 使用儲存貯體政策管理對 Amazon S3 儲存貯體的存取
您可以設定、取得或刪除儲存*貯體政策*,以管理對 Amazon S3 儲存貯體的存取。
## 先決條件
開始之前,建議您先閱讀[開始使用 適用於 C\+\+ 的 AWS SDK](getting-started.md)。
下載範例程式碼並建置解決方案,如中所述[程式碼範例入門](getting-started-code-examples.md)。
若要執行範例,您的程式碼用來提出請求的使用者描述檔必須具有 AWS (針對 服務和 動作) 的適當許可。如需詳細資訊,請參閱[提供 AWS 登入](credentials.md)資料。
## 設定儲存貯體政策
您可以呼叫 `S3Client`的 `PutBucketPolicy`函數,並在 [PutBucketPolicyRequest](https://docs.aws.amazon.com/sdk-for-cpp/latest/api/aws-cpp-sdk-s3/html/class_aws_1_1_s3_1_1_model_1_1_put_bucket_policy_request.html) 中提供儲存貯體名稱和政策的 JSON 表示法,來設定特定 S3 儲存貯體的儲存貯體政策。
**Code**
```
//! Build a policy JSON string.
/*!
\param userArn: Aws user Amazon Resource Name (ARN).
For more information, see https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns.
\param bucketName: Name of a bucket.
\return String: Policy as JSON string.
*/
Aws::String getPolicyString(const Aws::String &userArn,
const Aws::String &bucketName) {
return
"{\n"
" \"Version\":\"2012-10-17\",\n"
" \"Statement\":[\n"
" {\n"
" \"Sid\": \"1\",\n"
" \"Effect\": \"Allow\",\n"
" \"Principal\": {\n"
" \"AWS\": \""
+ userArn +
"\"\n"" },\n"
" \"Action\": [ \"s3:getObject\" ],\n"
" \"Resource\": [ \"arn:aws:s3:::"
+ bucketName +
"/*\" ]\n"
" }\n"
" ]\n"
"}";
}
```
```
bool AwsDoc::S3::putBucketPolicy(const Aws::String &bucketName,
const Aws::String &policyBody,
const Aws::S3::S3ClientConfiguration &clientConfig) {
Aws::S3::S3Client s3Client(clientConfig);
std::shared_ptr request_body =
Aws::MakeShared("");
*request_body << policyBody;
Aws::S3::Model::PutBucketPolicyRequest request;
request.SetBucket(bucketName);
request.SetBody(request_body);
Aws::S3::Model::PutBucketPolicyOutcome outcome =
s3Client.PutBucketPolicy(request);
if (!outcome.IsSuccess()) {
std::cerr << "Error: putBucketPolicy: "
<< outcome.GetError().GetMessage() << std::endl;
} else {
std::cout << "Set the following policy body for the bucket '" <<
bucketName << "':" << std::endl << std::endl;
std::cout << policyBody << std::endl;
}
return outcome.IsSuccess();
}
```
**注意**
[Aws::Utils::Json::JsonValue](https://docs.aws.amazon.com/sdk-for-cpp/latest/api/aws-cpp-sdk-core/html/class_aws_1_1_utils_1_1_json_1_1_json_value.html) 公用程式類別可用來協助您建構有效的 JSON 物件以傳遞至 `PutBucketPolicy`。
請參閱 GitHub 上的[完整範例](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/s3/put_bucket_policy.cpp)。
## 取得儲存貯體政策
若要擷取 Amazon S3 儲存貯體的政策,請呼叫 `S3Client`的 `GetBucketPolicy`函數,並在 [GetBucketPolicyRequest](https://docs.aws.amazon.com/sdk-for-cpp/latest/api/aws-cpp-sdk-s3/html/class_aws_1_1_s3_1_1_model_1_1_get_bucket_policy_request.html) 中傳遞儲存貯體的名稱。
**Code**
```
bool AwsDoc::S3::getBucketPolicy(const Aws::String &bucketName,
const Aws::S3::S3ClientConfiguration &clientConfig) {
Aws::S3::S3Client s3Client(clientConfig);
Aws::S3::Model::GetBucketPolicyRequest request;
request.SetBucket(bucketName);
Aws::S3::Model::GetBucketPolicyOutcome outcome =
s3Client.GetBucketPolicy(request);
if (!outcome.IsSuccess()) {
const Aws::S3::S3Error &err = outcome.GetError();
std::cerr << "Error: getBucketPolicy: "
<< err.GetExceptionName() << ": " << err.GetMessage() << std::endl;
} else {
Aws::StringStream policy_stream;
Aws::String line;
outcome.GetResult().GetPolicy() >> line;
policy_stream << line;
std::cout << "Retrieve the policy for bucket '" << bucketName << "':\n\n" <<
policy_stream.str() << std::endl;
}
return outcome.IsSuccess();
}
```
請參閱 GitHub 上的[完整範例](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/s3/get_bucket_policy.cpp)。
## 刪除儲存貯體政策
若要刪除儲存貯體政策,請呼叫 `S3Client`的 `DeleteBucketPolicy`函數,在 [DeleteBucketPolicyRequest](https://docs.aws.amazon.com/sdk-for-cpp/latest/api/aws-cpp-sdk-s3/html/class_aws_1_1_s3_1_1_model_1_1_delete_bucket_policy_request.html) 中提供儲存貯體名稱。
**Code**
```
bool AwsDoc::S3::deleteBucketPolicy(const Aws::String &bucketName,
const Aws::S3::S3ClientConfiguration &clientConfig) {
Aws::S3::S3Client client(clientConfig);
Aws::S3::Model::DeleteBucketPolicyRequest request;
request.SetBucket(bucketName);
Aws::S3::Model::DeleteBucketPolicyOutcome outcome = client.DeleteBucketPolicy(request);
if (!outcome.IsSuccess()) {
const Aws::S3::S3Error &err = outcome.GetError();
std::cerr << "Error: deleteBucketPolicy: " <<
err.GetExceptionName() << ": " << err.GetMessage() << std::endl;
} else {
std::cout << "Policy was deleted from the bucket." << std::endl;
}
return outcome.IsSuccess();
}
```
即使儲存貯體還沒有政策,此函數也會成功。如果您指定不存在的儲存貯體名稱,或如果您無法存取儲存貯體,`AmazonServiceException`則會擲出 。
請參閱 GitHub 上的[完整範例](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/cpp/example_code/s3/delete_bucket_policy.cpp)。
## 詳細資訊
+ Amazon Simple Storage Service API 參考中的 [PutBucketPolicy](https://docs.aws.amazon.com/AmazonS3/latest/API/PutBucketPolicy.html)
+ Amazon Simple Storage Service API 參考中的 [GetBucketPolicy](https://docs.aws.amazon.com/AmazonS3/latest/API/GetBucketPolicy.html)
+ Amazon Simple Storage Service API 參考中的 [DeleteBucketPolicy](https://docs.aws.amazon.com/AmazonS3/latest/API/DeleteBucketPolicy.html)
+ 《Amazon Simple Storage Service 使用者指南》中的[存取政策語言概觀](https://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html)
+ 《Amazon Simple Storage Service 使用者指南》中的[儲存貯體政策範例](https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html)