# Understanding and Creating a Basic e3 Bucket Policy

In this guide we will walk you through the general structure of a bucket policy for our eazyBackup e3 object storage service and show you how to create a policy that prevents a specific user from uploading any objects to a particular bucket.

**What is a Bucket Policy?**

A bucket policy is a set of rules (written in JSON format) that defines who can perform certain actions on a bucket and the objects within it. It's a great way to manage access permissions for your storage.

**Structure of a Bucket Policy**

A bucket policy consists of a few key components:

* `Version`: The policy language version (usually `"2012-10-17"`).
* `Statement`: An array containing one or more individual permission statements. Each statement includes:
  * `Sid` (Statement ID): An optional identifier for your statement (e.g., `"DenyUserUploads"`).
  * `Effect`: Specifies whether to `"Allow"` or `"Deny"` the action (a `Deny` always overrides an `Allow`).
  * `Principal`: The user, account, or service that the statement applies to.
  * `Action`: The specific e3 storage action(s) this statement controls (e.g., `"s3:PutObject"` for uploading).
  * `Resource`: The bucket or objects the statement applies to.

**Finding Your Account ID and Username**

To create a policy for a specific user, you'll need your **Account ID** and **Username**. You can find this information in your eazyBackup e3 Cloud Storage Dashboard:

1. Navigate to the **Access Keys** page.
2. You will find the **Account ID** and **Username** listed on the Access Keys page and the Users page.

**Constructing the Principal ARN**

For e3 bucket policies, the `Principal` is typically specified using an Amazon Resource Name (ARN). For our service, you'll construct it like this:

`arn:aws:iam::ACCOUNT_ID:user/USERNAME`

Replace `ACCOUNT_ID` and `USERNAME` with the **Account ID** and **Username** you found in your Dashboard Access Keys page.

**Example Policy: Deny All Uploads for a Specific User**

Let's create a simple policy that denies the user (identified by their `ACCOUNT_ID` and `USERNAME`) all `s3:PutObject` (upload) permissions for a bucket named `your-bucket-name`.

1. **Replace Placeholders**:
   * `your-account-id` with your actual Account ID.
   * `your-username` with your actual Username.
   * `your-bucket-name` with the name of the bucket you want to apply this policy to.
2. **Policy JSON**:

```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyAllUploadsForSpecificUser",
      "Effect": "Deny",
      "Principal": {
        "AWS": [
          "arn:aws:iam::your-account-id:user/your-username"
        ]
      },
      "Action": [
        "s3:PutObject"
      ],
      "Resource": [
        "arn:aws:s3:::your-bucket-name/*"
      ]
    }
  ]
}
```

**Breakdown of the Example Policy:**

* `"Sid": "DenyAllUploadsForSpecificUser"`: The descriptive name for this rule.
* `"Effect": "Deny"`: This rule will prevent the specified actions.
* `"Principal": { "AWS": ["arn:aws:iam::your-account-id:user/your-username"] }`: Identifies the specific e3 user this rule applies to. Note the use of an array `[]` around the ARN.
* `"Action": ["s3:PutObject"]`: Specifies that the action being denied is uploading objects. Note the use of an array `[]`.
* `"Resource": ["arn:aws:s3:::your-bucket-name/*"]`: Specifies that this rule applies to all objects (`/*`) within the bucket named `your-bucket-name`. Note the use of an array `[]`.

**Applying the Policy**

You can apply this policy to your bucket using S3-compatible tools like the AWS CLI, configured with the eazyBackup e3 service endpoint and credentials. When using the AWS CLI, you would typically save the policy to a JSON file (e.g., `deny-uploads-policy.json`) and then use a command like:

```
aws s3api put-bucket-policy --bucket your-bucket-name --policy file://deny-uploads-policy.json --endpoint-url <e3_endpoint_url>
```

**Important:** Always test your policies carefully to ensure they grant or restrict access exactly as you intend.
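One way to check a policy offline before applying it, as an added example that is not eazyBackup's own code: it fills in the policy above, refuses leftover placeholders, and runs sample requests through a simplified model of S3-style evaluation (not the e3 engine). The function names and the sample account ID, username and bucket are constructed for illustration.

```python
import json
from fnmatch import fnmatchcase

PLACEHOLDERS = {"your-account-id", "your-username", "your-bucket-name"}

def build_deny_upload_policy(account_id, username, bucket):
    """Fill in the page's deny-upload policy, refusing unreplaced placeholders."""
    for value in (account_id, username, bucket):
        if not value or value in PLACEHOLDERS or any(c.isspace() for c in value):
            raise ValueError(f"placeholder or invalid value: {value!r}")
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyAllUploadsForSpecificUser",
            "Effect": "Deny",
            "Principal": {"AWS": [f"arn:aws:iam::{account_id}:user/{username}"]},
            "Action": ["s3:PutObject"],
            "Resource": [f"arn:aws:s3:::{bucket}/*"],
        }],
    }

def _as_list(value):
    return value if isinstance(value, list) else [value]

def evaluate(policy, principal_arn, action, resource_arn):
    """Simplified model: an explicit Deny wins, then Allow, else no match."""
    decision = "NoMatch"
    for stmt in policy["Statement"]:
        who = stmt["Principal"]
        who = ["*"] if who == "*" else _as_list(who["AWS"])
        if not any(p in ("*", principal_arn) for p in who):
            continue
        if not any(fnmatchcase(action, a) for a in _as_list(stmt["Action"])):
            continue
        if not any(fnmatchcase(resource_arn, r) for r in _as_list(stmt["Resource"])):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"  # a Deny always overrides an Allow
        decision = "Allow"
    return decision

if __name__ == "__main__":
    # Constructed sample values, not real identifiers.
    policy = build_deny_upload_policy("100000000001", "backup-writer", "example-bucket")
    user = "arn:aws:iam::100000000001:user/backup-writer"
    print(json.dumps(policy, indent=2))  # save as deny-uploads-policy.json
    print(evaluate(policy, user, "s3:PutObject", "arn:aws:s3:::example-bucket/a.txt"))
    print(evaluate(policy, user, "s3:GetObject", "arn:aws:s3:::example-bucket/a.txt"))
```

A `NoMatch` result means this policy says nothing about the request, so whatever other permissions the user holds still decide it.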


