This section explains how to use the qq s3_modify_bucket_policy command.

Examples

To Modify a Statement in an Access Policy for an S3 Bucket

Run the qq s3_modify_bucket_policy command and use the --bucket flag to specify the name of the S3 bucket. For the modify_statement subcommand:

  • Use the --index flag to specify the index of the statement to modify.
  • Use the --type flag to specify the statement type.
  • Use the --sid flag to specify the security identifier.
  • Use the --new-principals flag to specify a comma-separated list of principals (with which to replace the existing ones), enclosed in quotation marks (").
  • Use the --new-actions flag to specify a comma-separated list of S3 API actions (with which to replace the existing ones), enclosed in quotation marks (").

For example:

qq s3_modify_bucket_policy --bucket AnotherBucket \
  modify_statement --index 1 \
    --type Deny \
    --sid DenyGuest \
    --new-principals "Authenticated Users" \
    --new-actions "s3:PutBucketPolicy"

To Append a Statement to an Access Policy for an S3 Bucket

Run the qq s3_modify_bucket_policy command and use the --bucket flag to specify the name of the S3 bucket. For the append_statement subcommand:

  • Use the --type flag to specify the statement type.
  • Use the --sid flag to specify the security identifier.
  • Use the --principals flag to specify a comma-separated list of principals, enclosed in quotation marks (").
  • Use the --actions flag to specify a comma-separated list of S3 API actions, enclosed in quotation marks (").

For example:

qq s3_modify_bucket_policy --bucket MyBucket \
  append_statement --type Allow \
    --sid AllowGuest \
    --principals "local:guest,local:Mary" \
    --actions "s3:GetBucketPolicy,s3:AbortMultipartUpload"
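The principal and action lists in the examples above are comma-separated strings typed by hand. As an added example (not part of the Qumulo documentation or the qq tool), this POSIX shell function lints the values intended for --type, --principals or --new-principals, and --actions or --new-actions before qq is run. The function name, exit codes and rules are assumptions of the example.

```sh
#!/bin/sh
# Added example, not Qumulo code. Lints values before they are passed to
# qq s3_modify_bucket_policy (append_statement or modify_statement).
# Exit status: 0 = looks sane, 1 = malformed, 2 = hold for a second reviewer.
# Assumptions: Allow and Deny are the only statement types (the two the
# page shows) and every action carries the "s3:" prefix.
lint_statement() (
  type=$1 principals=$2 actions=$3

  case $type in
    Allow|Deny) ;;
    *) echo "type must be Allow or Deny, got '$type'" >&2; exit 1 ;;
  esac

  set -f    # no glob expansion while splitting on commas
  IFS=,
  set -- $principals
  [ $# -gt 0 ] || { echo "no principals given" >&2; exit 1; }
  for p in "$@"; do
    # An empty item or a leading/trailing blank usually means a typo such
    # as "a,,b" or "a, b"; reject rather than guess how qq treats it.
    case $p in
      ''|' '*|*' ') echo "suspicious principal '$p'" >&2; exit 1 ;;
    esac
  done

  set -- $actions
  [ $# -gt 0 ] || { echo "no actions given" >&2; exit 1; }
  for a in "$@"; do
    case $a in
      *' '*) echo "blank inside action '$a'" >&2; exit 1 ;;
      s3:?*) ;;
      *) echo "action '$a' lacks the s3: prefix" >&2; exit 1 ;;
    esac
    # Denying s3:PutBucketPolicy can leave nobody able to repair the
    # policy afterwards, so hold it for review instead of applying it.
    if [ "$type" = Deny ] && [ "$a" = s3:PutBucketPolicy ]; then
      echo "Deny on s3:PutBucketPolicy: confirm an admin keeps access" >&2
      exit 2
    fi
  done
  exit 0
)

# Constructed usage: the values from the append_statement example pass.
lint_statement Allow "local:guest,local:Mary" \
  "s3:GetBucketPolicy,s3:AbortMultipartUpload" && echo "ok to run qq"
```

The values from the modify_statement example (Deny, "Authenticated Users", "s3:PutBucketPolicy") return status 2, which is the case the --allow-remove-self flag exists for.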

To Delete a Statement from an Access Policy for an S3 Bucket

Run the qq s3_modify_bucket_policy command and use the --bucket flag to specify the name of the S3 bucket. For the delete_statement subcommand, use the --index flag to specify the index of the statement to delete. For example:

qq s3_modify_bucket_policy --bucket MyBucket \
  delete_statement --index 2

Description

Modify the access policy for --bucket.

Usage

qq s3_modify_bucket_policy [-h] --bucket BUCKET [--allow-remove-self] {delete_statement,append_statement,modify_statement} ...

Flags

Flag Name            Required  Description
--bucket             Yes       The name of the S3 bucket whose access policy is to be modified
--allow-remove-self  No        Allow the policy set to remove the ability for this user to change the policy.