Home:ALL Converter>Policy document for object for AWS s3 - What ACL

Policy document for object for AWS s3 - What ACL

Ask Time:2018-06-08T22:09:06         Author:sonic

Json Formatter

What i want to accomplish is sending file direct from browser to s3 with signature-v4. I have problem with constructing policy document for object

From this: https://blog.shikisoft.com/signing-aws-s3-uploads-with-signature-v4-ruby-on-rails-angularjs/

I can see how this document should look:

Base64.encode64(
    {
      "expiration" => 1.hour.from_now.utc.xmlschema,
      "conditions" => [
        { "bucket" =>  bucket },
        [ "starts-with", "$key", "" ],
        { "acl" => "private" },
        [ "starts-with", "$Content-Type", "" ],
        {"x-amz-algorithm" => x_amz_algorithm },
        {"x-amz-credential" => x_amz_credential },
        {"x-amz-date" => x_amz_date},
        [ "content-length-range", 0, 524288000 ]
      ]
    }.to_json

I dont know what ACL should i use.

I want to give user permission only to upload a file with certain .extension(s), and after this user shoudnt be able to delete it or even read it. The permission should be only for that file

Here is a list of ACL permissions (I belive it is right place ) https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl

Can I achive somehow permission only for upload, only for delete, only for read, only for read and delete for one file ? The other question is Content Type that I belive should be generated based on extension.

Please forgive me if I lack some basic concepts

EDIT 1

I didnt mention that I want to use multipart upload and from docs of aws https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html

beside s3:getObject, s3:putObject, I need to give s3:ListMultipartUploadParts also

How can I restrict it only to files or folders ? The case is that every user has private files and should have access only to files that he owns

Author:sonic,eproduced under the CC 4.0 BY-SA copyright license with a link to the original source and this disclaimer.
Link to original article:https://stackoverflow.com/questions/50762508/policy-document-for-object-for-aws-s3-what-acl
yy