Help Center/ Content Delivery Network/ Best Practices/ Configuring a Policy for a Custom OBS Private Bucket
Updated on 2024-01-11 GMT+08:00

Configuring a Policy for a Custom OBS Private Bucket

If you use a custom OBS private bucket as the CDN origin server, that is, use an OBS private bucket under another account as the origin server, you need to configure a policy for the private bucket on OBS Console.

Procedure

  1. In the navigation pane of OBS Console, choose Object Storage.
  2. In the bucket list, click the name of the bucket to be operated.

    The Objects page of the bucket is displayed.

  3. In the navigation pane, choose Permissions > Bucket Policy.
  4. Click Create Bucket Policy.
  5. In the first row of the template list, click Create Custom Policy on the right.
    • Policy View: Select Visual editor.
    • Policy Name: Enter a name.
    • Policy Content: Select Allow.

  6. Configure authorized users.
    • Principal: Select Other account.
    • Account ID: Enter the ID of the account that uses CDN acceleration.
    • IAM User ID: Enter the ID of an IAM user under another account if you only want to grant permissions to this IAM user. If no IAM user is configured, enter *.
    • User Policy: Select Include specified users.

  7. Configure resources.
    • Resource: Select the current bucket or objects in the bucket.

  8. Configure actions.
    • Select the action to be authorized. The asterisk (*) indicates all actions.

  9. On the Confirm Policy page, click Create.
  10. Click the edit icon on the right of the created bucket policy and click the JSON tab.
    • Change domain/Account ID:user/User ID in Policy Content to domain/Account ID:agency/*.

  11. Click Next and then Yes to complete the configuration.