Use GetBucketPolicy with an Amazon SDK or CLI
The following code examples show how to use GetBucketPolicy.
- C++
-
- SDK for C++
-
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the Amazon Code Examples Repository
. bool AwsDoc::S3::GetBucketPolicy(const Aws::String &bucketName, const Aws::Client::ClientConfiguration &clientConfig) { Aws::S3::S3Client s3_client(clientConfig); Aws::S3::Model::GetBucketPolicyRequest request; request.SetBucket(bucketName); Aws::S3::Model::GetBucketPolicyOutcome outcome = s3_client.GetBucketPolicy(request); if (!outcome.IsSuccess()) { const Aws::S3::S3Error &err = outcome.GetError(); std::cerr << "Error: GetBucketPolicy: " << err.GetExceptionName() << ": " << err.GetMessage() << std::endl; } else { Aws::StringStream policy_stream; Aws::String line; outcome.GetResult().GetPolicy() >> line; policy_stream << line; std::cout << "Retrieve the policy for bucket '" << bucketName << "':\n\n" << policy_stream.str() << std::endl; } return outcome.IsSuccess(); }-
For API details, see GetBucketPolicy in Amazon SDK for C++ API Reference.
-
- CLI
-
- Amazon CLI
-
The following command retrieves the bucket policy for a bucket named
my-bucket:aws s3api get-bucket-policy --bucket my-bucketOutput:
{ "Policy": "{\"Version\":\"2008-10-17\",\"Statement\":[{\"Sid\":\"\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Action\":\"s3:GetObject\",\"Resource\":\"arn:aws:s3:::my-bucket/*\"},{\"Sid\":\"\",\"Effect\":\"Deny\",\"Principal\":\"*\",\"Action\":\"s3:GetObject\",\"Resource\":\"arn:aws:s3:::my-bucket/secret/*\"}]}" }Get and put a bucket policyThe following example shows how you can download an Amazon S3 bucket policy, make modifications to the file, and then use
put-bucket-policyto apply the modified bucket policy. To download the bucket policy to a file, you can run:aws s3api get-bucket-policy --bucket mybucket --query Policy --output text > policy.jsonYou can then modify the
policy.jsonfile as needed. Finally you can apply this modified policy back to the S3 bucket by running:policy.jsonfile as needed. Finally you can apply this modified policy back to the S3 bucket by running:file as needed. Finally you can apply this modified policy back to the S3 bucket by running:
aws s3api put-bucket-policy --bucket mybucket --policy file://policy.json-
For API details, see GetBucketPolicy
in Amazon CLI Command Reference.
-
- Java
-
- SDK for Java 2.x
-
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the Amazon Code Examples Repository
. import software.amazon.awssdk.services.s3.model.S3Exception; import software.amazon.awssdk.regions.Region; import software.amazon.awssdk.services.s3.S3Client; import software.amazon.awssdk.services.s3.model.GetBucketPolicyRequest; import software.amazon.awssdk.services.s3.model.GetBucketPolicyResponse; /** * Before running this Java V2 code example, set up your development * environment, including your credentials. * * For more information, see the following documentation topic: * * https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html */ public class GetBucketPolicy { public static void main(String[] args) { final String usage = """ Usage: <bucketName> Where: bucketName - The Amazon S3 bucket to get the policy from. """; if (args.length != 1) { System.out.println(usage); System.exit(1); } String bucketName = args[0]; System.out.format("Getting policy for bucket: \"%s\"\n\n", bucketName); Region region = Region.US_EAST_1; S3Client s3 = S3Client.builder() .region(region) .build(); String polText = getPolicy(s3, bucketName); System.out.println("Policy Text: " + polText); s3.close(); } public static String getPolicy(S3Client s3, String bucketName) { String policyText; System.out.format("Getting policy for bucket: \"%s\"\n\n", bucketName); GetBucketPolicyRequest policyReq = GetBucketPolicyRequest.builder() .bucket(bucketName) .build(); try { GetBucketPolicyResponse policyRes = s3.getBucketPolicy(policyReq); policyText = policyRes.policy(); return policyText; } catch (S3Exception e) { System.err.println(e.awsErrorDetails().errorMessage()); System.exit(1); } return ""; } }-
For API details, see GetBucketPolicy in Amazon SDK for Java 2.x API Reference.
-
- JavaScript
-
- SDK for JavaScript (v3)
-
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the Amazon Code Examples Repository
. Get the bucket policy.
import { GetBucketPolicyCommand, S3Client } from "@aws-sdk/client-s3"; const client = new S3Client({}); export const main = async () => { const command = new GetBucketPolicyCommand({ Bucket: "test-bucket", }); try { const { Policy } = await client.send(command); console.log(JSON.parse(Policy)); } catch (err) { console.error(err); } };-
For more information, see Amazon SDK for JavaScript Developer Guide.
-
For API details, see GetBucketPolicy in Amazon SDK for JavaScript API Reference.
-
- Kotlin
-
- SDK for Kotlin
-
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the Amazon Code Examples Repository
. suspend fun getPolicy(bucketName: String): String? { println("Getting policy for bucket $bucketName") val request = GetBucketPolicyRequest { bucket = bucketName } S3Client { region = "us-east-1" }.use { s3 -> val policyRes = s3.getBucketPolicy(request) return policyRes.policy } }-
For API details, see GetBucketPolicy
in Amazon SDK for Kotlin API reference.
-
- PowerShell
-
- Tools for PowerShell
-
Example 1: This command outputs the bucket policy associated with the given S3 bucket.
Get-S3BucketPolicy -BucketName 's3testbucket'-
For API details, see GetBucketPolicy
in Amazon Tools for PowerShell Cmdlet Reference.
-
- Python
-
- SDK for Python (Boto3)
-
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the Amazon Code Examples Repository
. class BucketWrapper: """Encapsulates S3 bucket actions.""" def __init__(self, bucket): """ :param bucket: A Boto3 Bucket resource. This is a high-level resource in Boto3 that wraps bucket actions in a class-like structure. """ self.bucket = bucket self.name = bucket.name def get_policy(self): """ Get the security policy of the bucket. :return: The security policy of the specified bucket, in JSON format. """ try: policy = self.bucket.Policy() logger.info( "Got policy %s for bucket '%s'.", policy.policy, self.bucket.name ) except ClientError: logger.exception("Couldn't get policy for bucket '%s'.", self.bucket.name) raise else: return json.loads(policy.policy)-
For API details, see GetBucketPolicy in Amazon SDK for Python (Boto3) API Reference.
-
- Ruby
-
- SDK for Ruby
-
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the Amazon Code Examples Repository
. # Wraps an Amazon S3 bucket policy. class BucketPolicyWrapper attr_reader :bucket_policy # @param bucket_policy [Aws::S3::BucketPolicy] A bucket policy object configured with an existing bucket. def initialize(bucket_policy) @bucket_policy = bucket_policy end # Gets the policy of a bucket. # # @return [Aws::S3::GetBucketPolicyOutput, nil] The current bucket policy. def get_policy policy = @bucket_policy.data.policy policy.respond_to?(:read) ? policy.read : policy rescue Aws::Errors::ServiceError => e puts "Couldn't get the policy for #{@bucket_policy.bucket.name}. Here's why: #{e.message}" nil end end-
For API details, see GetBucketPolicy in Amazon SDK for Ruby API Reference.
-
For a complete list of Amazon SDK developer guides and code examples, see Using this service with an Amazon SDK. This topic also includes information about getting started and details about previous SDK versions.