GetBucketPolicy

Returns the policy of a specified bucket

If you are using an identity other than the root user of the Petabox account that owns the bucket, the calling identity must have the GetBucketPolicy permissions on the specified bucket and belong to the bucket owner's account in order to use this operation.

If you don't have GetBucketPolicy permissions, Petabox returns a 403 Access Denied error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Petabox returns a 405 Method Not Allowed error.

Important

To ensure that bucket owners don't inadvertently lock themselves out of their own buckets, the root principal in a bucket owner's Petabox account can perform the GetBucketPolicy, PutBucketPolicy, and DeleteBucketPolicy API actions, even if their bucket policy explicitly denies the root principal's access.

Request Syntax

GET /?policy HTTP/1.1
Host: Bucket.s3.petabox.io
x-amz-expected-bucket-owner: ExpectedBucketOwner

URI Request Parameters

The request uses the following URI parameters.

Bucket

The bucket name for which to get the bucket policy.

Required: Yes

x-amz-expected-bucket-owner

The account ID of the expected bucket owner. If the bucket is owned by a different account, the request fails with the HTTP status code 403 Forbidden (access denied).

Request Body

The request does not have a request body.

Response Syntax

HTTP/1.1 200

{ Policy in JSON format }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

Examples

Sample Request

The following request returns the policy of the specified bucket.

GET ?policy HTTP/1.1
Host: bucket.s3.<Region>.petabox.io
Date: Wed, 28 Oct 2009 22:32:00 GMT
Authorization: authorization string

Sample Response

This example illustrates one usage of GetBucketPolicy.

HTTP/1.1 200 OK  
x-amz-id-2: Uuag1LuByru9pO4SAMPLEAtRPfTaOFg==  
x-amz-request-id: 656c76696e67SAMPLE57374  
Date: Tue, 04 Apr 2010 20:34:56 GMT  
Connection: keep-alive  
Server: Petabox    


{
"Version":"2008-10-17",
"Id":"aaaa-bbbb-cccc-dddd",
"Statement" : [
    {
        "Effect":"Deny",
        "Sid":"1", 
        "Principal" : {
           "AWS":["111122223333","444455556666"]
        },
        "Action":["s3:*"],
        "Resource":"arn:aws:s3:::bucket/*"
     }
 ] 
}

PreviousPutBucketPolicy NextDeleteBucketPolicy

Last updated 1 month ago

URI Request Parameters

The request uses the following URI parameters.

Bucket

The bucket name for which to get the bucket policy.

Required: Yes

x-amz-expected-bucket-owner

The account ID of the expected bucket owner. If the bucket is owned by a different account, the request fails with the HTTP status code 403 Forbidden (access denied).

Examples

Sample Request

The following request returns the policy of the specified bucket.

GET ?policy HTTP/1.1
Host: bucket.s3.<Region>.petabox.io
Date: Wed, 28 Oct 2009 22:32:00 GMT
Authorization: authorization string

Sample Response

This example illustrates one usage of GetBucketPolicy.

HTTP/1.1 200 OK  
x-amz-id-2: Uuag1LuByru9pO4SAMPLEAtRPfTaOFg==  
x-amz-request-id: 656c76696e67SAMPLE57374  
Date: Tue, 04 Apr 2010 20:34:56 GMT  
Connection: keep-alive  
Server: Petabox    


{
"Version":"2008-10-17",
"Id":"aaaa-bbbb-cccc-dddd",
"Statement" : [
    {
        "Effect":"Deny",
        "Sid":"1", 
        "Principal" : {
           "AWS":["111122223333","444455556666"]
        },
        "Action":["s3:*"],
        "Resource":"arn:aws:s3:::bucket/*"
     }
 ] 
}