DigitalOcean

Report this

What is the reason for this report?
Question

How can I set the bucket policy to allow/deny actions for a particular Spaces API user?

Posted on February 12, 2020
DigitalOcean Spaces
bstiel

By bstiel

I need to set a bucket policy so that only one of my API users (defined in Spaces access keys and properly authenticated via key and secret) can perform s3:PutObject and s3:deleteObject.

What do I need to specify as Principal in the policy below?

{
            "Sid": "AllowPrivatePutAndDelete",
            "Effect": "Allow",
            "Principal": {...},
            "Action": [
                "s3:PutObject",
                "s3:DeleteObject"
            ],
            "Resource": [
                "arn:aws:s3:::<bucket>/*"
            ]
        }

Thanks!



This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

Become a contributor for community

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Sign Up

DigitalOcean Documentation

Full documentation for every DigitalOcean product.

Learn more

Resources for startups and AI-native businesses

The Wave has everything you need to know about building a business, from raising funding to marketing your product.

Learn more

Get our newsletter

Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.

New accounts only. By submitting your email you agree to our Privacy Policy

The developer cloud

Scale up as you grow — whether you're running one virtual machine or ten thousand.

Get started for free

Sign up and get $200 in credit for your first 60 days with DigitalOcean.*

*This promotional offer applies to new accounts only.

© 2026 DigitalOcean, LLC.Sitemap.