Amazon-Web-Services – uploaded from the form to S3

{ "expiration": "2015-12-30T12:00:00.000Z",
 "conditions" : [
 {"bucket": "sigv4examplebucket"},
 ["starts-with", "$key", "user/user1/"],
 {"acl": " public-read"},
 {"success_action_redirect": "http://sigv4examplebucket.s3.amazonaws.com/successful_upload.html"},
 ["starts-with", "$Content-Type ", "image/"],
 {"x-amz-meta-uuid": "14365123651274"},
 {"x-amz-server-side-encryption": "AES256"}, 
 ["starts-with", "$x-amz-meta-tag", ""],

 {"x-amz-credential": "AKIAIOSFODNN7EXAMPLE/20151229/us- east-1/s3/aws4_request"},
 {"x-amz-algorithm": "AWS4-HMAC-SHA256"},
 {"x-amz-date": "20151229T000000Z" }< br /> ]
}

 
 
 
 

 Key to upload: 
 < input type="input" name="key" value="user/user1/${filename}" />

 
 
 Content-Type: < br /> 

  
  
 
 
 

 Tags for File: 
 

 
 
 File: 
  

 
 
 

 

I am trying to upload a mp3 file to my S3 bucket. I read somewhere that the best way is to upload the file from the html form directly to S3 without Pipeline transmission through the server. But I want to know: Is this method safe? For security reasons, do you need a server, such as application access keys, etc.?

In addition, I found it difficult to make it work. I think the official explanation is not very detailed.

I am following this guide: http://docs.aws. amazon.com/AmazonS3/latest/API/sigv4-post-example.html This is the official guide. I’m not sure I am doing it right. Can you tell me this is the right way and what I did wrong:

1. I fill in a Policy object

{ "expiration": "2015-12-30T12:00:00.000Z",
 "conditions" : [
 {"bucket": "sigv4examplebucket"},
 ["starts-with", "$key", "user/user1/"],
 {"acl": " public-read"},
 {"success_action_redirect": "http://sigv4examplebucket.s3.amazonaws.com/successful_upload.html"},
 ["starts-with", "$Content-Type ", "image/"],
 {"x-amz-meta-uuid": "14365123651274"},
 {"x-amz-server-side-encryption": "AES256"}, 
 ["starts-with", "$x-amz-meta-tag", ""],

 {"x-amz-credential": "AKIAIOSFODNN7EXAMPLE/20151229/us- east-1/s3/aws4_request"},
 {"x-amz-algorithm": "AWS4-HMAC-SHA256"},
 {"x-amz-date": "20151229T000000Z" }< br /> ]
}

>What is “x-amz-meta-uuid” and where can I find it?
>What do I write in the “x-amz-credential” node?

2. My base64 encoding strategy object

3. I use the upload form to create HTML pages

 
 
 
 

 Key to upload: 
 < input type="input" name="key" value="user/user1/${filename}" />

 
 
 Content-Type: < br /> 

  
  
 
 
 

 Tags for File: 
  

 
 
 File: 
  

 
 
 

 

>It seems that the form input values ​​are the same as the newly created Policy object I referenced in the form. So why do I have to fill in these twice?

What you are looking for is AWS S3 pre-signed URL. Basically, the steps are:

1) The server generates a pre-signed URL. Signed URL (because it has an aws key)

2) The server passes this pre-signed URL to the browser

3) The browser can directly use this pre-signed URL Upload the file to s3

Reference: http://docs.aws.amazon.com/AmazonS3/latest/dev/PresignedUrlUploadObject.html