Welcome to the upcoming version of the MinIO Documentation! The content on this page is under active development and may change at any time. If you can't find what you're looking for, check our legacy documentation. Thank you for your patience.

mc policy

Description

The mc policy command supports setting or removing anonymous policies to a bucket and its contents using AWS S3 JSON policies. Buckets with anonymous policies allow public access where clients can perform any action granted by the policy without.

You can set or remove policies on individual folders or objects inside of a bucket for more granular control over anonymous access to a bucket’s contents.

Examples

Get Current Anonymous Policy for Bucket

Use mc policy get to retrieve the current anonymous policy for a bucket:

mc policy get ALIAS/PATH
  • Replace ALIAS with the alias of a configured S3-compatible host.

  • Replace PATH with the destination bucket.

Use mc policy get-json to retrieve the IAM JSON policy document of a bucket:

mc policy get-json ALIAS/PATH
  • Replace ALIAS with the alias of a configured S3-compatible host.

  • Replace PATH with the destination bucket.

Set Anonymous Policy for Bucket

Use mc policy set to set the anonymous policy for a bucket:

mc policy set POLICY ALIAS/PATH
  • Replace POLICY with a supported permission.

  • Replace ALIAS with the alias of a configured S3-compatible host.

  • Replace PATH with the destination bucket.

Use mc policy set-json to use a IAM JSON policy document to set the anonymous policy for a bucket:

mc policy set-json POLICY ALIAS/PATH
  • Replace POLICY with the JSON-formatted IAM policy document to use for setting the anonymous policy.

  • Replace ALIAS with the alias of a configured S3-compatible host.

  • Replace PATH with the destination bucket.

Remove Anonymous Policy for Bucket

Use mc policy set to clear the anonymous policy for a bucket:

mc policy set none ALIAS/PATH
  • Replace ALIAS with the alias of a configured S3-compatible host.

  • Replace PATH with the destination bucket.

Syntax

policy has the following syntax:

mc policy COMMAND [ARGUMENTS]

policy supports the following commands:

mc policy set

Adds one of the following built-in policies to the specified bucket. The command has the following syntax:

mc policy set PERMISSION TARGET

The command requires the following arguments:

PERMISSION

Name of the policy to assign to the specified TARGET

mc policy set PERMISSION supports the following built-in policies:

  • none - Disable anonymous access to the TARGET.

  • download - Enable download-only access to the TARGET.

  • upload - Enable upload-only access to the TARGET.

  • public - Enable download and upload access to the TARGET.

TARGET

The full path to the bucket, folder, or object to which the command applies the specified PERMISSION. Specify the alias of a configured S3 service as the prefix to the TARGET path. For example:

mc set public play/mybucket
mc policy set-json

Adds an AWS S3 JSON policy to the specified bucket. The command has the following syntax:

mc policy set-json FILE TARGET

The command requires the following arguments:

FILE

The full path to the S3 policy .json file which the command applies to the specified TARGET

TARGET

The full path to the bucket, folder, or object to which the command applies the specified FILE S3 policy document. Specify the alias of a configured S3 service as the prefix to the TARGET path. For example:

mc set public play/mybucket
mc policy get

Prints the current anonymous policy for the specified bucket, folder, or object on the console.

The command has the following syntax:

mc policy get TARGET

The command requires the following arguments:

TARGET

The full path to the bucket, folder, or object for which the command returns the current anonymous policy. Specify the alias of a configured S3 service as the prefix to the TARGET path. For example:

mc set public play/mybucket
mc policy get-json

Returns the current anonymous policy for the specified bucket, folder, or object in JSON format.

The command has the following syntax:

mc policy get-json TARGET

The command requires the following arguments:

TARGET

The full path to the bucket, folder, or object for which the command returns the current anonymous policy JSON document. Specify the alias of a configured S3 service as the prefix to the TARGET path. For example:

mc set public play/mybucket
mc policy list

Prints the anonymous policy for the specified bucket and any folders or objects with a different anonymous policy from the bucket.

The command has the following syntax:

mc policy list TARGET

The command requires the following arguments:

TARGET

The full path to the bucket, folder, or object for which the command returns the current anonymous policy JSON document. Specify the alias of a configured S3 service as the prefix to the TARGET path. For example:

mc set public play/mybucket