Updated on 2024-02-29 GMT+08:00

Granting an IAM User the Permissions Required to List and Create Buckets

Scenario

This topic describes how to grant an IAM user the permissions required to create and list buckets. An IAM user with this permission can create buckets. The created buckets are still owned by the account of the IAM user. The IAM user can view all buckets under the account.

Recommended Configuration

Permissions to create and list buckets are at OBS service-level, which can be implemented only through IAM. You are advised to use IAM custom policies.

Procedure

  1. Log in to the management console using a cloud service account.
  2. On the top menu bar, choose Service List > Management & Deployment > Identity and Access Management. The IAM console is displayed.
  3. In the navigation pane, choose Policies.
  4. Click Create Custom Policy in the upper right corner.
  5. Configure parameters for a custom policy.

    Table 1 Parameters for configuring a custom policy

    Parameter

    Description

    Policy Name

    Name of the custom policy

    Policy View

    Set this parameter based on your own habits. Visual editor is used here.

    Policy Content

    • Select Allow.
    • Select Object Storage Service (OBS).
    • Select obs:bucket:CreateBucket from ReadWrite actions and obs:bucket:ListAllMyBuckets from ListOnly actions.
    • Select All for resources.

    Scope

    The default value is Global services.

  6. Click OK. The custom policy is created.
  7. Create a user group and assign permissions.

    Add the created custom policy to the user group by following the instructions in the IAM document.

  8. Add the IAM user you want to authorize to the created user group by referring to Adding Users to or Removing Users from a User Group.

    Due to data caching, it takes about 10 to 15 minutes for a custom policy to take effect after the authorization.