amazon web services - AWS S3 Policy wildcard ("*") works, but "s3:GetObject", "s3:PutObject", etc does not -

-

by following example here uploading photos amazon s3 browser able upload files browser s3 bucket. however, when attempt modify policy more specific addeing following statement access denied error:

{         "effect": "allow",         "action": [              "s3:getobject",             "s3:putobject",             "s3:deleteobject"         ],         "resource": [             "arn:aws:s3:::[my_bucket]/${cognito-identity.amazonaws.com:sub}",             "arn:aws:s3:::[my_bucket]/${cognito-identity.amazonaws.com:sub}*"         ]     }

however, following statement allow me upload bucket:

{         "effect": "allow",         "action": [            "*"         ],         "resource": [             "arn:aws:s3::[my_bucket]/${cognito-identity.amazonaws.com:sub}",             "arn:aws:s3:::[my_bucket]/${cognito-identity.amazonaws.com:sub}*"         ]     }

i logging in user using federated login , placing them aws identity pool. policy containing above code assumed authenticated role of identity pool. i've confirmed identity id exists in identity pool. research tells me should able more specific actions have no idea going wrong here.

edit:

i realized might useful know how files got in bucket in first place. i'm using aws-sdk npm , following code upload image files bucket:

return new promise(function (resolve, reject) {         const filename = userid + '/' + utilities.getguid();         s3.upload({             key: filename,             body: file,             acl: 'public-read'         }, function (err, data) {             if (err) {                 dropzoneutilities.setdropzonefilecanceled(file);                 console.log(err);                 reject(err);             }             else {                 dropzoneutilities.setdropzonefilecomplete(file);                 dropzoneutilities.removefile(file);                 resolve({ data, name: file.name});             }          });     });

note in upload code:

acl: 'public-read'

the documentation not unambiguous on point, including requires s3:putobjectacl permission.

http://docs.aws.amazon.com/amazons3/latest/dev/using-with-s3-actions.html#using-with-s3-actions-related-to-objects


Comments

Post a Comment

Popular posts from this blog

php - How to display all orders for a single product showing the most recent first? Woocommerce -

-
i have password protected page on frontend. on page, want display full list of purchases associated single woocommerce product id. option 1: i've looked through woocommerce docs , , found: wc_cli_order , list_( $args, $assoc_args ) function lists orders. presumably, orders can filtered product id [--=] filter orders based on order property. line item fields (numeric array, started index zero): line_items.0.product_id option 2: i found article , based on customer id. i've modified code based on guesses meta_key , meta_value. $customer_orders = get_posts( array( 'numberposts' => -1, 'meta_key' => '_product', 'meta_value' => get_product_id(), 'post_type' => wc_get_order_types(), 'post_status' => array_keys( wc_get_order_statuses() ), ) ); how display orders single product showing recent order first? here solution put based on these articles: http://www.w...
Read more

asp.net - How to correctly use QUERY_STRING in ISAPI rewrite? -

-
i'm having difficult time , hope guys can help. using helicon isapi rewrite version 3.1.0.104 on our iis server. edit http.conf file , have tried , still fail. this trying do: redirect url: https://www.domain.com/switch-by-version?version=2.8.5.2594 to: https://test.domain.com/load/load.aspx?tver=2.8.5.2594 the version number @ end source url change, , need target url have same version number @ end of url example above shows. i tried following not work: rewritecond %{query_string} ^version=(\d\d?)\.(\d\d?)\.(\d\d?)\.(.*)$ [nc] rewriterule ^/switch-by-version(.*)$ https://test.domain.com/load/load.aspx?tver=%1 [r=307,nc,l] any appreciated! thanks. if it's running in equivalent context of .htaccess , rule shouldn't start / . here's simpler version: rewritecond %{query_string} ^version=(\d+\.\d+\.\d+(?:\..+)?)$ [nc] rewriterule ^switch-by-version/?$ https://test.domain.com/load/load.aspx?tver=%1 [r=307,nc,l]
Read more

angularjs - How restrict admin panel using in backend laravel and admin panel on angular? -

-
https://scotch.io/tutorials/token-based-authentication-for-angularjs-and-laravel-apps following tutorials, try write authentication restrict admin panel, didn't understood how can that. this admin panel, admin panel don't want show , request database unauthenticated users. my laravel-routes route::get('/admin',function(){ return view('index'); }); route::get('/api/v1/employees/{id?}', 'employees@index'); route::get('/api/v1/users/{id?}', 'employees@users'); route::post('/api/v1/employees', 'employees@store'); route::post('/api/v1/employees/{id}', 'employees@update'); route::delete('/api/v1/employees/{id}', 'employees@destroy'); route::group(['prefix' => 'api'], function() { route::resource('authenticate', 'authenticatecontroller', ['only' => ['index']]); route::post('authenticate', 'authentic...
Read more