3

guys.

I am trying to implement some mechanism such that an anonymous AWS user can write to a specific S3 bucket that belongs to me, using a ticket provided by me (such as a random string). There may be restrictions on the object size and there should be a time limit (such as: write to the bucket within 1 hour after I issue the ticket to him). Is there any way to implement such a thing using AWS S3 access policies?

Thanks in advance!

Way How

1 Answer

1

Yes, this is possible using the Post Object API call on S3.

You'll need to generate and sign a security policy and pass it along with the upload. This policy will contain rules as to what types of files can be uploaded, restrictions on file size, location in your bucket where new files can be uploaded, an expiration date for the policy, etc.

To learn more, check out this example as well as this article.

dcro
  • Hi. I tried the method mentioned in your feedback, and it works. Now I am trying to implement a similar upload without any HTML page and human interaction. I found a [.NET implementation](http://blogs.aws.amazon.com/net/post/TxEWY3WMAPLUGZ/Uploading-to-Amazon-S3-with-HTTP-POST-using-the-AWS-SDK-for-NET). Do you know if a similar API exists for Python/boto? Thanks! – Way How Oct 06 '14 at 14:59
  • I don't think boto supports this (policy generation & signature), but you don't really need it as it's quite easy to generate a policy & signature in most programming languages - this might be useful: http://stackoverflow.com/questions/7127215/direct-upload-to-s3-using-python-boto-django-to-construct-policy – dcro Oct 06 '14 at 20:24
  • But this POST policy will not be 'one time write', right? You can use it multiple times before it expires? – Darpan Mar 29 '19 at 06:45
  • The policy has an expiration date and it can be reused until it expires. – dcro Mar 29 '19 at 12:29