Setting permissions using AWS CLI

This article lists several aws-cli commands you can use to change permissions on your DreamObjects data. View the following article for information on how to install and configure AWS CLI:

Setting ALL Object permissions in a bucket

The following command changes the permissions for every object in your bucket. Please note that DreamObjects does not currently support bucket policies, as such you must use the following workaround instead.

Make sure to update the following:

  • --bucket my-bucket — Change to your bucket name
  • --acl — Change this to either private or public-read
[user@localhost]$ aws --endpoint-url https://objects-us-east-1.dream.io s3api list-objects --bucket my-bucket | grep Key | cut -c 20- | rev | cut -c 3-|rev | awk '{cmd="aws --endpoint https://objects-us-east-1.dream.io s3api put-object-acl --acl public-read --bucket=my-bucket --key "$0; system(cmd)}' 

The following example is the same as above, it just splits the lines apart to make it easier to read:

[user@localhost]$ aws --endpoint-url https://objects-us-east-1.dream.io \ 
s3api list-objects --bucket my-bucket | \
grep Key | cut -c 20- | rev | cut -c 3-|rev | \
awk '{cmd="aws --endpoint https://objects-us-east-1.dream.io \
s3api put-object-acl --acl public-read \
--bucket=my-bucket --key "$0; system(cmd)}'

Single Object permissions

View an Object's permissions

This displays the permissions of an Object named test.txt in a bucket titled my-bucket. You can see the user of the bucket has full control, but no other public permissions display. This indicates that the permissions on the file are Private.

[user@localhost]$ aws --endpoint-url https://objects-us-east-1.dream.io s3api get-object-acl --bucket my-bucket --key test.txt
{
    "Owner": {
        "DisplayName": "my-user",
        "ID": "my-user"
    },
    "Grants": [
        {
            "Grantee": {
                "Type": "CanonicalUser",
                "DisplayName": "my-user",
                "ID": "my-user"
            },
            "Permission": "FULL_CONTROL"
        }
    ]
}

Set an Object's permissions to PUBLIC

To set an Objects' permissions, use put-object-acl.

This sets an Object named test.txt in the bucket titled my-bucket to PUBLIC READ permissions. 

[user@localhost]$ aws --endpoint-url https://objects-us-east-1.dream.io s3api put-object-acl --bucket my-bucket --key test.txt --acl public-read

Check the permissions again and you'll see a new Grantee section showing all users can read the Object.

[user@localhost]$ aws --endpoint-url https://objects-us-east-1.dream.io s3api get-object-acl --bucket my-user-bucket --key test.txt
{
    "Owner": {
        "DisplayName": "my-east-user",
        "ID": "my-east-user"
    },
    "Grants": [
        {
            "Grantee": {
                "Type": "Group",
                "URI": "http://acs.amazonaws.com/groups/global/AllUsers"
            },
            "Permission": "READ"
        },
        {
            "Grantee": {
                "Type": "CanonicalUser",
                "DisplayName": "my-east-user",
                "ID": "my-east-user"
            },
            "Permission": "FULL_CONTROL"
        }
    ]
}

If you check in your DreamObjects panel, you'll see the permissions on this file are now PUBLIC.

Set an Object's permissions to PRIVATE

This sets an Object named test.txt in the bucket titled my-bucket to PRIVATE permissions.

[user@localhost]$ aws --endpoint-url https://objects-us-east-1.dream.io s3api put-object-acl --bucket my-bucket --key test.txt --acl private

Did this article answer your questions?

Article last updated PST.