dodil k3 bucket policy
S3-style ACL on a bucket — set, get, delete. Mirrors Policy — API Reference. See Core Concepts → Policy for the BucketPolicy type signature.
dodil k3 bucket policy set
dodil k3 bucket policy set [name] -f FILE
dodil k3 bucket policy set [name] -f - # read from stdinReads a JSON document (file or stdin) and applies it as the bucket’s policy via SetBucketPolicy. The JSON must match the BucketPolicy shape — version + statements array, camelCase fields, POLICY_EFFECT_ALLOW / POLICY_EFFECT_DENY wire-name strings for effects.
| Flag | Short | Type | Default | Description |
|---|---|---|---|---|
--file | -f | string | - | JSON file path, or - for stdin |
Example — from a file:
cat > policy.json <<'EOF'
{
"version": "2024-01-01",
"statements": [
{
"sid": "allow-public-read",
"effect": "POLICY_EFFECT_ALLOW",
"principal": { "aws": ["*"] },
"actions": ["s3:GetObject"],
"resources": ["arn:aws:s3:::kb-prod/public/*"]
}
]
}
EOF
dodil k3 bucket policy set kb-prod -f policy.jsonOr via stdin (handy in pipelines):
jq '.' policy.json | dodil k3 bucket policy set kb-prod -f -dodil k3 bucket policy get
dodil k3 bucket policy get [name]Returns the current BucketPolicy. Use --output json for the canonical pbjson form (suitable for editing and piping back into policy set -f -).
Example — fetch, edit, push back:
dodil k3 bucket policy get kb-prod --output json > current.json
# ...edit current.json...
dodil k3 bucket policy set kb-prod -f current.jsondodil k3 bucket policy delete
dodil k3 bucket policy delete [name]Removes the policy from the bucket. The bucket’s access_mode (private / public) takes over from there.
Example:
dodil k3 bucket policy delete kb-prodSee also
- Policy — API Reference —
SetBucketPolicy/GetBucketPolicy/DeleteBucketPolicy - Core Concepts → Policy —
BucketPolicytype dodil k3 bucket·dodil k3 bucket cors·dodil k3 object·dodil k3 mount