vserver object-store-server bucket policy-statement-condition create

Create a bucket policy statement condition

Availability: This command is available to cluster and Vserver administrators at the advanced privilege level.

Description

The vserver object-store-server bucket policy-statement-condition create command creates a single condition for a bucket policy statement in an object store server bucket.

Parameters

-vserver <Vserver Name> - Vserver Name (privilege: advanced)

This parameter specifies the name of the Vserver on which the bucket policy statement condition needs to be created for the object store server bucket.

-bucket <TextNoCase> - Object Store Server Bucket Name (privilege: advanced)

This parameter specifies the name of the object store server bucket for which the policy statement condition needs to be created. The object store bucket must already exist.

-index <integer> - Statement Index (privilege: advanced)

This parameter specifies the index of the object store server bucket policy statement in which a condition needs to be created. The index must already exist.

-operator {ip-address|not-ip-address|string-equals|string-not-equals|string-equals-ignore-case|string-not-equals-ignore-case|string-like|string-not-like|numeric-equals|numeric-not-equals|numeric-greater-than|numeric-greater-than-equals|numeric-less-than|numeric-less-than-equals} - Policy Condition Operator (privilege: advanced)

This parameter specifies the condition operator to be applied to the condition keys specified.

[-source-ips <IP Address or Subnet>,…] - List of IP Addresses with Access Allowed or Denied (privilege: advanced)

Use this parameter to specify a list of IP addresses for which access is allowed or denied, based on the operator specified.

[-usernames <text>,…] - List of Usernames with Access Allowed or Denied (privilege: advanced)

Use this parameter to specify a list of object store server users for which access is allowed or denied, based on the operator specified. The user name policy variable '${aws:username}' can be specified here; it serves as a placeholder that is dynamically replaced with the actual user name at run time, based on the request context.

[-prefixes <text>,…] - List of Prefixes to be Matched (privilege: advanced)

Use this parameter to specify a list of prefixes that are compared with the input prefix value specified at the time of execution of an S3-based command, using the condition operator specified. The user name policy variable '${aws:username}' can be specified here; it serves as a placeholder that is dynamically replaced with the actual user name at run time, based on the request context.

[-max-keys <integer>,…] - List of Maximum Keys Allowed to be Fetched (privilege: advanced)

Use this parameter to specify a list of max-keys values for which retrieval using an S3 list operation is allowed or denied, based on the condition operator specified.

[-delimiters <text>,…] - List of Delimiters to be Matched (privilege: advanced)

Use this parameter to specify a list of delimiters that are compared with the input delimiter value specified at the time of execution of an S3-based command, using the condition operator specified. The user name policy variable '${aws:username}' can be specified here; it serves as a placeholder that is dynamically replaced with the actual user name at run time, based on the request context.

Examples

The following example creates an object store server bucket policy statement condition for storage virtual machine (SVM) vs1, bucket bucket1, index 1 and ip-address as operator.

cluster1::*> vserver object-store-server bucket policy-statement-condition create -vserver vs1 -bucket bucket1 -index 1 -operator ip-address -source-ips 10.1.1.0/24,10.1.1.1

The following example creates an object store server bucket policy statement condition for storage virtual machine (SVM) vs1, bucket bucket1, index 1, string-like as operator and prefix with the user name policy variable.

cluster1::*> vserver object-store-server bucket policy-statement-condition create -vserver vs1 -bucket bucket1 -index 1 -operator string-like -prefixes ${aws:username}/*
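
The following Python model is an added example, not NetApp code and not ONTAP's implementation. It evaluates the two conditions from the examples above against constructed requests so that their scope can be checked before they are applied. It assumes AWS-style semantics: string-like is case-sensitive with `*` and `?` wildcards, and `${aws:username}` is substituted before matching. The request field names are hypothetical.

```python
import ipaddress
import re

USERNAME_VAR = "${aws:username}"  # policy variable named on this page

def expand(value, username):
    """Substitute the requesting user's name for the policy variable."""
    return value.replace(USERNAME_VAR, username)

def like(pattern, text):
    """Case-sensitive wildcard match; '*' = any run, '?' = one char (assumed)."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, text, re.DOTALL) is not None

def ip_in(sources, client_ip):
    """True if client_ip equals or falls inside any listed address or subnet."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(s, strict=False) for s in sources)

def condition_matches(operator, values, request):
    """Evaluate one condition against a request dict (constructed field names)."""
    if operator == "ip-address":
        return ip_in(values, request["source_ip"])
    if operator == "not-ip-address":
        return not ip_in(values, request["source_ip"])
    patterns = [expand(v, request["username"]) for v in values]
    if operator == "string-like":
        return any(like(p, request["prefix"]) for p in patterns)
    if operator == "string-not-like":
        return not any(like(p, request["prefix"]) for p in patterns)
    raise ValueError(f"operator not modelled here: {operator}")

# The two conditions from the Examples section.
IP_COND = ("ip-address", ["10.1.1.0/24", "10.1.1.1"])
PREFIX_COND = ("string-like", ["${aws:username}/*"])

if __name__ == "__main__":
    # Constructed requests: (source IP, user name, list prefix).
    samples = [
        ("10.1.1.77", "alice", "alice/reports/"),
        ("10.1.2.5", "alice", "bob/reports/"),
        ("10.1.1.1", "alice", "alice2/x"),
    ]
    for ip, user, prefix in samples:
        req = {"source_ip": ip, "username": user, "prefix": prefix}
        print(ip, user, prefix,
              condition_matches(*IP_COND, req),
              condition_matches(*PREFIX_COND, req))
```

In this model the trailing `/` in `${aws:username}/*` is what keeps user alice from matching the prefix `alice2/x`, and the single address 10.1.1.1 is already contained in 10.1.1.0/24.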