将AWS javascript sdk putObject与预签名URL一起使用

Question

I have a working solution which allows users to upload files to s3 with a server-generated policy, signature & expiry, like so:

<form id="uploadForm" action=*myBucketUrl* method="post" enctype="multipart/form-data">
  <input type="hidden" name="AWSAccessKeyId" > 
  <input type="hidden" name="key">
  <input type="hidden" name="Content-Type" >
  <input type="hidden" name="acl" value="private"> 
  <input type="hidden" name="policy">
  <input type="hidden" name="signature">
</form> 

This works well, so CORS, S3, signing, etc are working fine.

I'd like to try this same approach using the AWS SDK for Javascript . I can't find a single mention of how to use my values for 'policy' and 'signature'. Here is my code so far:

var bucket = new AWS.S3({
    accessKeyId: $("#uploadForm input[name='AWSAccessKeyId']").val(),
    params: {
        Bucket: myBucket
    }
});
var params = {
    Key: $("#uploadForm input[name='key']").val(),
    ContentType: $("#uploadForm input[name='Content-Type']").val(),
    Body: blob,
};
bucket.upload(params, function(err, data) {
    console.log(err ? 'ERROR!' + err : 'UPLOADED.');
});

Is it possible to use s3.putObject of the AWS JS SDK in conjunction with pre-signed requests?

Answer 1

We recently wanted to move from a custom implementation to the AWS JS SDK and had the same problem. Unfortunately, as far as I know, there is no way to do this. There is an alternative method however:

You can use Cognito for this. Each time a user upload is nessecary (or uploads), do a cognito call to get an unauthenticated user token. The IAM role associated with unauthenticated users can be given access to the bucket you want the user files to be put in. The Cognito credentials can then be used to sign the requests. This is how we do it now and it works very nicely.