private static async Task GrantPermissionsToWriteLogsAsync()
{
var bucketACL = new S3AccessControlList();
var aclResponse = client.GetACL(new GetACLRequest {
BucketName = targetBucketName
});
bucketACL = aclResponse.AccessControlList;
bucketACL.AddGrant(new S3Grantee {
URI = "http://acs.amazonaws.com/groups/s3/LogDelivery"
}, S3Permission.WRITE);
bucketACL.AddGrant(new S3Grantee {
URI = "http://acs.amazonaws.com/groups/s3/LogDelivery"
}, S3Permission.READ_ACP);
var setACLRequest = new PutACLRequest
{
AccessControlList = bucketACL,
BucketName = targetBucketName
};
await client.PutACLAsync(setACLRequest);
}
private void setS3Permission(String bucketName, String key)
{
// Get the ACL for the file and retrieve the owner ID (not sure how to get it otherwise).
GetACLRequest getAclRequest = new GetACLRequest().WithBucketName(bucketName).WithKey(key);
GetACLResponse aclResponse = s3.GetACL(getAclRequest);
Owner owner = aclResponse.AccessControlList.Owner;
// Create a grantee as the MessageGears account
S3Grantee grantee = new S3Grantee().WithCanonicalUser(properties.MessageGearsAWSCanonicalId, "MessageGears");
// Grant MessageGears Read-only access
S3Permission messageGearsPermission = S3Permission.READ;
S3AccessControlList acl = new S3AccessControlList().WithOwner(owner);
acl.AddGrant(grantee, messageGearsPermission);
// Create a new ACL granting the owner full control.
grantee = new S3Grantee().WithCanonicalUser(owner.Id, "MyAWSId");
acl.AddGrant(grantee, S3Permission.FULL_CONTROL);
SetACLRequest aclRequest = new SetACLRequest().WithACL(acl).WithBucketName(bucketName).WithKey(key);
s3.SetACL(aclRequest);
}
public void SetACL(string fileKey, bool anonymouseReadAccess)
{
SetACLRequest aclRequest = new SetACLRequest();
aclRequest.Key = fileKey;
aclRequest.BucketName = BucketName;
S3AccessControlList aclList = new S3AccessControlList();
Owner owner = new Owner();
owner.Id = "oyesil";
owner.DisplayName = "";
aclList.Owner = owner;
if (anonymouseReadAccess)
{
S3Grantee grantPublicRead = new S3Grantee();
grantPublicRead.URI = " http://acs.amazonaws.com/groups/global/AllUsers";
aclList.AddGrant(grantPublicRead, S3Permission.READ);
}
//Authenticated user read access
S3Grantee grantAuthenticatedRead = new S3Grantee();
grantAuthenticatedRead.URI = " http://acs.amazonaws.com/groups/global/AuthenticatedUsers";
aclList.AddGrant(grantAuthenticatedRead, S3Permission.READ);
aclRequest.ACL = aclList;
Amazon.S3.AmazonS3Client client = new Amazon.S3.AmazonS3Client(ConfigurationLibrary.Config.fileAmazonS3AccessKey,
ConfigurationLibrary.Config.fileAmazonS3SecreyKey);
SetACLResponse aclResponse = client.SetACL(aclRequest);
client.Dispose();
}
static async Task AddACLToExistingObjectAsync(string bucketName, string keyName)
{
// Retrieve the ACL for an object.
GetACLResponse aclResponse = await client.GetACLAsync(new GetACLRequest
{
BucketName = bucketName,
Key = keyName
});
S3AccessControlList acl = aclResponse.AccessControlList;
// Retrieve the owner.
Owner owner = acl.Owner;
// Clear existing grants.
acl.Grants.Clear();
// Add a grant to reset the owner's full permission
// (the previous clear statement removed all permissions).
S3Grant fullControlGrant = new S3Grant
{
Grantee = new S3Grantee {
CanonicalUser = acl.Owner.Id
}
};
acl.AddGrant(fullControlGrant.Grantee, S3Permission.FULL_CONTROL);
// Specify email to identify grantee for granting permissions.
S3Grant grantUsingEmail = new S3Grant
{
Grantee = new S3Grantee {
EmailAddress = emailAddress
},
Permission = S3Permission.WRITE_ACP
};
// Specify log delivery group as grantee.
S3Grant grantLogDeliveryGroup = new S3Grant
{
Grantee = new S3Grantee {
URI = "http://acs.amazonaws.com/groups/s3/LogDelivery"
},
Permission = S3Permission.WRITE
};
// Create a new ACL.
S3AccessControlList newAcl = new S3AccessControlList
{
Grants = new List <S3Grant> {
grantUsingEmail, grantLogDeliveryGroup
},
Owner = owner
};
// Set the new ACL.
PutACLResponse response = await client.PutACLAsync(new PutACLRequest
{
BucketName = bucketName,
Key = keyName,
AccessControlList = newAcl
});
}