diff --git a/docs/resources/workspace_bucket_authorize.md b/docs/resources/workspace_bucket_authorize.md
new file mode 100644
index 00000000000..e86c1fd54f8
--- /dev/null
+++ b/docs/resources/workspace_bucket_authorize.md
@@ -0,0 +1,36 @@
+---
+subcategory: "Workspace"
+layout: "huaweicloud"
+page_title: "HuaweiCloud: huaweicloud_workspace_bucket_authorize"
+description: |-
+  Use this resource to create and authorize a default bucket within HuaweiCloud.
+---
+
+# huaweicloud_workspace_bucket_authorize
+
+Use this resource to create and authorize a default bucket within HuaweiCloud.
+
+-> This resource is only a one-time action resource for creating and authorizing a default bucket. Deleting this
+   resource will not delete the corresponding default bucket from the OBS service, but will only remove the resource
+   information from the tfstate file.
+
+## Example Usage
+
+```hcl
+resource "huaweicloud_workspace_bucket_authorize" "test" {}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `region` - (Optional, String, ForceNew) Specifies the region where the bucket to be authorized is located.  
+  If omitted, the provider-level region will be used. Changing this parameter will create a new resource.
+
+## Attributes Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `id` - The resource ID.
+
+* `bucket_name` - The name of the bucket that was created and authorized.
diff --git a/huaweicloud/provider.go b/huaweicloud/provider.go
index 4323dc37128..245b52f586a 100644
--- a/huaweicloud/provider.go
+++ b/huaweicloud/provider.go
@@ -3699,6 +3699,7 @@ func Provider() *schema.Provider {
 			"huaweicloud_workspace_application_rule_restriction":         workspace.ResourceApplicationRuleRestriction(),
 			"huaweicloud_workspace_application_rule_restriction_setting": workspace.ResourceApplicationRuleRestrictionSetting(),
 			"huaweicloud_workspace_application_visibility_batch_action":  workspace.ResourceApplicationVisibilityBatchAction(),
+			"huaweicloud_workspace_bucket_authorize":                     workspace.ResourceBucketAuthorize(),
 			"huaweicloud_workspace_desktop_name_rule":                    workspace.ResourceDesktopNameRule(),
 			"huaweicloud_workspace_desktop":                              workspace.ResourceDesktop(),
 			"huaweicloud_workspace_desktop_notification":                 workspace.ResourceDesktopNotification(),
diff --git a/huaweicloud/services/acceptance/workspace/resource_huaweicloud_workspace_bucket_authorize_test.go b/huaweicloud/services/acceptance/workspace/resource_huaweicloud_workspace_bucket_authorize_test.go
new file mode 100644
index 00000000000..9bd6b6fab41
--- /dev/null
+++ b/huaweicloud/services/acceptance/workspace/resource_huaweicloud_workspace_bucket_authorize_test.go
@@ -0,0 +1,37 @@
+package workspace
+
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+
+	"github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/services/acceptance"
+)
+
+func TestAccResourceBucketAuthorize_basic(t *testing.T) {
+	var (
+		resourceName = "huaweicloud_workspace_bucket_authorize.test"
+	)
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck: func() {
+			acceptance.TestAccPreCheck(t)
+		},
+		ProviderFactories: acceptance.TestAccProviderFactories,
+		// This resource is a one-time action resource and there is no logic in the delete method.
+		// lintignore:AT001
+		CheckDestroy: nil,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccResourceBucketAuthorize_basic,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrSet(resourceName, "bucket_name"),
+				),
+			},
+		},
+	})
+}
+
+const testAccResourceBucketAuthorize_basic = `
+resource "huaweicloud_workspace_bucket_authorize" "test" {}
+`
diff --git a/huaweicloud/services/workspace/resource_huaweicloud_workspace_bucket_authorize.go b/huaweicloud/services/workspace/resource_huaweicloud_workspace_bucket_authorize.go
new file mode 100644
index 00000000000..9faea0a0342
--- /dev/null
+++ b/huaweicloud/services/workspace/resource_huaweicloud_workspace_bucket_authorize.go
@@ -0,0 +1,104 @@
+package workspace
+
+import (
+	"context"
+	"strings"
+
+	"github.com/hashicorp/go-multierror"
+	"github.com/hashicorp/go-uuid"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+
+	"github.com/chnsz/golangsdk"
+
+	"github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/config"
+	"github.com/huaweicloud/terraform-provider-huaweicloud/huaweicloud/utils"
+)
+
+// @API Workspace POST /v1/{project_id}/app-center/buckets
+func ResourceBucketAuthorize() *schema.Resource {
+	return &schema.Resource{
+		CreateContext: resourceBucketAuthorizeCreate,
+		ReadContext:   resourceBucketAuthorizeRead,
+		DeleteContext: resourceBucketAuthorizeDelete,
+
+		Schema: map[string]*schema.Schema{
+			"region": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Computed:    true,
+				ForceNew:    true,
+				Description: `The region where the bucket to be authorized is located.`,
+			},
+			"bucket_name": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: `The name of the bucket that was created and authorized.`,
+			},
+		},
+	}
+}
+
+func resourceBucketAuthorizeCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	var (
+		cfg     = meta.(*config.Config)
+		region  = cfg.GetRegion(d)
+		httpUrl = "v1/{project_id}/app-center/buckets"
+	)
+
+	client, err := cfg.NewServiceClient("workspace", region)
+	if err != nil {
+		return diag.Errorf("error creating Workspace client: %s", err)
+	}
+
+	createPath := client.Endpoint + httpUrl
+	createPath = strings.ReplaceAll(createPath, "{project_id}", client.ProjectID)
+
+	opt := golangsdk.RequestOpts{
+		KeepResponseBody: true,
+		MoreHeaders: map[string]string{
+			"Content-Type": "application/json",
+		},
+	}
+
+	resp, err := client.Request("POST", createPath, &opt)
+	if err != nil {
+		return diag.Errorf("error creating and authorizing bucket: %s", err)
+	}
+
+	respBody, err := utils.FlattenResponse(resp)
+	if err != nil {
+		return diag.Errorf("error flattening bucket authorization response: %s", err)
+	}
+
+	randUUID, err := uuid.GenerateUUID()
+	if err != nil {
+		return diag.Errorf("unable to generate ID: %s", err)
+	}
+	d.SetId(randUUID)
+
+	mErr := multierror.Append(nil,
+		d.Set("bucket_name", utils.PathSearch("bucket_name", respBody, nil)),
+	)
+	if mErr.ErrorOrNil() != nil {
+		return diag.Errorf("error setting bucket authorization attributes: %s", mErr)
+	}
+
+	return resourceBucketAuthorizeRead(ctx, d, meta)
+}
+
+func resourceBucketAuthorizeRead(_ context.Context, _ *schema.ResourceData, _ interface{}) diag.Diagnostics {
+	return nil
+}
+
+func resourceBucketAuthorizeDelete(_ context.Context, _ *schema.ResourceData, _ interface{}) diag.Diagnostics {
+	errorMsg := `This resource is only a one-time action resource for creating and authorizing a default bucket.
+Deleting this resource will not clear the corresponding request record, but will only remove the resource information
+from the tfstate file.`
+	return diag.Diagnostics{
+		diag.Diagnostic{
+			Severity: diag.Warning,
+			Summary:  errorMsg,
+		},
+	}
+}