This topic provides reference examples for restricting access to OSS to specified IP addresses.
- The following policy adds an IP restriction to an `Allow` statement: it allows the information in `myphotos` to be read from the two IP address ranges `192.168.0.0/16` and `172.16.0.0/12`.

  ```json
  {
    "Version": "1",
    "Statement": [
      {
        "Effect": "Allow",
        "Action": [
          "oss:ListBuckets",
          "oss:GetBucketStat",
          "oss:GetBucketInfo",
          "oss:GetBucketTagging",
          "oss:GetBucketAcl"
        ],
        "Resource": [
          "acs:oss:*:*:*"
        ]
      },
      {
        "Effect": "Allow",
        "Action": [
          "oss:ListObjects",
          "oss:GetObject"
        ],
        "Resource": [
          "acs:oss:*:*:myphotos",
          "acs:oss:*:*:myphotos/*"
        ],
        "Condition": {
          "IpAddress": {
            "acs:SourceIp": ["192.168.0.0/16", "172.16.0.0/12"]
          }
        }
      }
    ]
  }
  ```
- The following policy adds an IP restriction to a `Deny` statement: if the source IP address is not in `192.168.0.0/16`, all operations on OSS are denied.

  Note: Permission policies are evaluated with Deny taking precedence, so when a visitor accesses the content in `myphotos` from an IP address outside `192.168.0.0/16`, OSS reports that the visitor has no permission.

  ```json
  {
    "Version": "1",
    "Statement": [
      {
        "Effect": "Allow",
        "Action": [
          "oss:ListBuckets",
          "oss:GetBucketStat",
          "oss:GetBucketInfo",
          "oss:GetBucketTagging",
          "oss:GetBucketAcl"
        ],
        "Resource": [
          "acs:oss:*:*:*"
        ]
      },
      {
        "Effect": "Allow",
        "Action": [
          "oss:ListObjects",
          "oss:GetObject"
        ],
        "Resource": [
          "acs:oss:*:*:myphotos",
          "acs:oss:*:*:myphotos/*"
        ]
      },
      {
        "Effect": "Deny",
        "Action": "oss:*",
        "Resource": [
          "acs:oss:*:*:*"
        ],
        "Condition": {
          "NotIpAddress": {
            "acs:SourceIp": ["192.168.0.0/16"]
          }
        }
      }
    ]
  }
  ```
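
How the two policies above decide a request, as an added example that is not part of the original page and not Alibaba Cloud's own code: a simplified Python model of Deny-first evaluation (explicit Deny, then Allow, otherwise implicit deny). The request resource `OBJ`, the sample source IPs and the `EXTRA_ALLOW` policy are constructed assumptions, and only the `IpAddress` and `NotIpAddress` operators are modelled.

```python
import ipaddress
from fnmatch import fnmatchcase
BUCKET = ["acs:oss:*:*:myphotos", "acs:oss:*:*:myphotos/*"]
READ = ["oss:ListObjects", "oss:GetObject"]
# Constructed request resource: region and account ID are sample values.
OBJ = "acs:oss:oss-cn-hangzhou:1234567890:myphotos/cat.jpg"
# Object-read statements of the page's two policies (bucket-listing Allow omitted).
ALLOW_POLICY = {"Version": "1", "Statement": [
    {"Effect": "Allow", "Action": READ, "Resource": BUCKET,
     "Condition": {"IpAddress": {"acs:SourceIp": ["192.168.0.0/16", "172.16.0.0/12"]}}}]}
DENY_POLICY = {"Version": "1", "Statement": [
    {"Effect": "Allow", "Action": READ, "Resource": BUCKET},
    {"Effect": "Deny", "Action": "oss:*", "Resource": ["acs:oss:*:*:*"],
     "Condition": {"NotIpAddress": {"acs:SourceIp": ["192.168.0.0/16"]}}}]}
# Hypothetical second policy attached to the same user (not on the page).
EXTRA_ALLOW = {"Version": "1", "Statement": [
    {"Effect": "Allow", "Action": "oss:*", "Resource": ["acs:oss:*:*:*"]}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _condition_holds(condition, source_ip):
    ip = ipaddress.ip_address(source_ip)
    for operator, body in condition.items():
        if operator not in ("IpAddress", "NotIpAddress"):
            raise ValueError(f"operator not modelled: {operator}")
        in_range = any(ip in ipaddress.ip_network(c) for c in _as_list(body["acs:SourceIp"]))
        if in_range != (operator == "IpAddress"):  # IpAddress needs a hit, NotIpAddress a miss
            return False
    return True

def evaluate(policies, action, resource, source_ip):
    """Return 'Deny', 'Allow' or 'ImplicitDeny' for one request."""
    decision = "ImplicitDeny"
    for statement in (s for p in policies for s in p["Statement"]):
        if not any(fnmatchcase(action, a) for a in _as_list(statement["Action"])):
            continue
        if not any(fnmatchcase(resource, r) for r in _as_list(statement["Resource"])):
            continue
        if not _condition_holds(statement.get("Condition", {}), source_ip):
            continue
        if statement["Effect"] == "Deny":
            return "Deny"  # explicit Deny wins over any Allow
        decision = "Allow"
    return decision

if __name__ == "__main__":
    for ip in ("192.168.3.7", "172.16.9.1", "203.0.113.5"):
        print(ip, [evaluate([p], "oss:GetObject", OBJ, ip) for p in (ALLOW_POLICY, DENY_POLICY)])
```

With only the `Allow` condition, a request from outside the ranges is merely not granted, so another policy attached to the same user can still allow it; with the `Deny` statement it is refused regardless of other grants.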