amazon web services - What IAM policy do I need to sign an browser-based POST policy document? -


my goal make browser upload form s3 bucket. i'm following instructions here:

http://docs.aws.amazon.com/amazons3/latest/dev/httppostexamples.html

in it, 1 needs create policy document , sign using secret access key. if follow instructions exactly, using administrator-level account (e.g. access things), works.

i prefer have user account specific function , sign document using user's credentials. way, can deprecate key (or entire user) whenever wish. however, not listed in instructions (nor can figure out google/experimentation) precisely what authority user needs in iam in order sign document. i've tried being wide policy below (i renamed bucket name my-bucket), sufficient user log s3's web interface , manage bucket entirely there. however, using upload form still yields access denied. please note desired behavior allow user only upload files specific folder in specific bucket. not delete, get, etc.

{    "statement":[       {          "effect":"allow",          "action":[             "s3:listallmybuckets"          ],          "resource":"arn:aws:s3:::*"       },       {          "effect":"allow",          "action":[             "s3:listbucket",             "s3:getbucketlocation"          ],          "resource":"arn:aws:s3:::my-bucket"       },       {          "effect":"allow",          "action":[             "s3:putobject",             "s3:getobject",             "s3:deleteobject"          ],          "resource":"arn:aws:s3:::my-bucket/*"       }    ] } 

i had same problem, when reading question find answer tried again , works policy, trying several times before didn't work. here info: uploads i'm working cloudfront, think cache problem, after changing policy 1 use, invalidate distribution , works me, hope solved problem!!


Comments

Popular posts from this blog

css - SVG using textPath a symbol not rendering in Firefox -

Java 8 + Maven Javadoc plugin: Error fetching URL -

order - Notification for user in user account opencart -