Why do I need a bucket policy for uploading to s3 via presigned url?
Question
I have created a presigned URL for users to upload files to s3 bucket. But they AccessDenied error. After some searching I found I can fit it by adding a bucket policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PublicPutObject",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:*",
"Resource": "arn:aws:s3:::mybucket/*"
}
]
}
But this will make my bucket open to the public. I wonder why I need a policy for a presigned URL. Doesn't it already have permission to upload files? I am building a react website which will use this presigned URL to upload files to s3 bucket. What kind of policy should I set?
1 answers
solution1
1 2020-05-09 12:37:06
I figured out how to fix that. The problem is I use a lambda to generate the presigned URL but it doesn't have permission on the s3 bucket. It can be fixed by attaching s3 bucket PutObject permission policy to the lambda role.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.