All Products
Search

This Product

    Object Storage Service:Access tracking

    Document Center

    Object Storage Service:Access tracking

    Last Updated:Feb 27, 2025

    This topic describes how to configure the access tracking feature for buckets using Object Storage Service (OSS) SDK for Go V2.

    Usage notes

    • The sample code in this topic uses the region ID cn-hangzhou of the China (Hangzhou) region. By default, the public endpoint is used to access resources in a bucket. If you want to access resources in the bucket by using other Alibaba Cloud services in the same region in which the bucket is located, use an internal endpoint. For more information about the regions and endpoints supported by Object Storage Service (OSS), see OSS regions and endpoints.

    • In this topic, access credentials are obtained from environment variables. For more information about how to configure access credentials, see Configure access credentials.

    Sample code

    Enable access tracking

    The following code provides an example of how to enable access tracking for a bucket.

    package main

import (
	"context"
	"flag"
	"log"

	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss"
	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/credentials"
)

// Define global variables.
var (
	region     string // Region in which your bucket is located.
	bucketName string // Name of the bucket.
)

// Specify the init function used to initialize command line parameters.
func init() {
	flag.StringVar(&region, "region", "", "The region in which the bucket is located.")
	flag.StringVar(&bucketName, "bucket", "", "The name of the bucket.")
}

// The main function used to enable access tracking for the bucket.
func main() {
	// Parse command line parameters.
	flag.Parse()

	// Check whether the name of the bucket is specified.
	if len(bucketName) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, bucket name required")
	}

	// Check whether the region is specified.
	if len(region) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, region required")
	}

	// Load the default configurations and specify the credential provider and region.
	cfg := oss.LoadDefaultConfig().
		WithCredentialsProvider(credentials.NewEnvironmentVariableCredentialsProvider()).
		WithRegion(region)

	// Create an OSS client.
	client := oss.NewClient(cfg)

	// Create a request to enable access tracking for the bucket.
	request := &oss.PutBucketAccessMonitorRequest{
		Bucket: oss.Ptr(bucketName),
		AccessMonitorConfiguration: &oss.AccessMonitorConfiguration{
			Status: oss.AccessMonitorStatusEnabled, // Enable access tracking.
		},
	}

	// Enable access tracking.
	putResult, err := client.PutBucketAccessMonitor(context.TODO(), request)
	if err != nil {
		log.Fatalf("failed to put bucket access monitor %v", err)
	}

	// Display the result.
	log.Printf("put bucket access monitor result: %#v\n", putResult)
}

    Query the access tracking status

    The following code provides an example of how to query the access tracking status.

    package main

import (
	"context"
	"flag"
	"log"

	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss"
	"github.com/aliyun/alibabacloud-oss-go-sdk-v2/oss/credentials"
)

// Define global variables.
var (
	region     string // Region in which your bucket is located.
	bucketName string // Name of the bucket.
)

// Specify the init function used to initialize command line parameters.
func init() {
	flag.StringVar(&region, "region", "", "The region in which the bucket is located.")
	flag.StringVar(&bucketName, "bucket", "", "The name of the bucket.")
}

func main() {
	// Parse command line parameters.
	flag.Parse()

	// Check whether the name of the bucket is specified.
	if len(bucketName) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, bucket name required")
	}

	// Check whether the region is specified.
	if len(region) == 0 {
		flag.PrintDefaults()
		log.Fatalf("invalid parameters, region required")
	}

	// Load the default configurations and specify the credential provider and region.
	cfg := oss.LoadDefaultConfig().
		WithCredentialsProvider(credentials.NewEnvironmentVariableCredentialsProvider()).
		WithRegion(region)

	// Create an OSS client.
	client := oss.NewClient(cfg)

	// Create a request to query the access tracking configurations of the bucket.
	request := &oss.GetBucketAccessMonitorRequest{
		Bucket: oss.Ptr(bucketName),
	}

	// Perform the query operation and process the result.
	result, err := client.GetBucketAccessMonitor(context.TODO(), request)
	if err != nil {
		log.Fatalf("failed to get bucket access monitor %v", err)
	}

	// Display the result.
	log.Printf("get bucket access monitor result:%#v\n", result)
}

    References

    • For more information about the API operation that you can call to enable access tracking, see PutBucketAccessMonitor.

    • For more information about the API operation that you can call to query the access tracking status, see GetBucketAccessMonitor.