Open thatjuan opened 8 years ago
Hi,
I also tried to use an IAM user's credentials but got the same error.
Upload worked fine with AWS root credentials.
Wondering if someone with more insight might help here.
Thanks
This is sufficient (but not squeezed down to the minimum) to upload to bucketname. I use this policy as an EC2 role and read them from AWS.EC2MetadataCredentials().
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AppBucketAccess",
      "Action": [
        "s3:Get*",
        "s3:List*",
        "s3:HeadObject*",
        "s3:PutObject*",
        "s3:DeleteObject"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::bucketname",
        "arn:aws:s3:::bucketname/*"
      ]
    }
  ]
}
```
I was battling this for a while because I really wanted to restrict this user to only be able to upload to the bucket. This is what I came up with for minimum privileges for uploading:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "uploadS3",
      "Effect": "Allow",
      "Action": [
        "s3:PutObject*"
      ],
      "Resource": [
        "arn:aws:s3:::bucket_name",
        "arn:aws:s3:::bucket_name/*"
      ]
    }
  ]
}
```
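As an added example (not code from any poster in this thread), the sketch below compares the two policies posted above using a simplified evaluator. It assumes only `Allow` statements with `*` wildcards and ignores `Deny`, `Condition`, `NotAction` and the `?` wildcard; the probe list and the object key are constructed.

```javascript
// Added example: simplified IAM check over the two policies from the thread.
// Assumption: Allow statements only; no Deny, Condition, NotAction or '?' handling.
const broadPolicy = { Statement: [{ Effect: 'Allow',
  Action: ['s3:Get*', 's3:List*', 's3:HeadObject*', 's3:PutObject*', 's3:DeleteObject'],
  Resource: ['arn:aws:s3:::bucketname', 'arn:aws:s3:::bucketname/*'] }] };
const uploadOnlyPolicy = { Statement: [{ Effect: 'Allow',
  Action: ['s3:PutObject*'],
  Resource: ['arn:aws:s3:::bucket_name', 'arn:aws:s3:::bucket_name/*'] }] };

// Turn an IAM pattern with '*' wildcards into an anchored RegExp.
function globToRegExp(pattern, flags) {
  const parts = pattern.split('*').map(s => s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&'));
  return new RegExp('^' + parts.join('.*') + '$', flags);
}

const asArray = v => (Array.isArray(v) ? v : [v]);

// True if some Allow statement matches both the action and the resource ARN.
function allows(policy, action, resource) {
  return asArray(policy.Statement).some(st =>
    st.Effect === 'Allow' &&
    // IAM action names are case-insensitive; resource ARNs are not.
    asArray(st.Action).some(a => globToRegExp(a, 'i').test(action)) &&
    asArray(st.Resource).some(r => globToRegExp(r).test(resource)));
}

// Constructed probe list: the upload action plus actions an uploader should not need.
const PROBES = ['s3:PutObject', 's3:PutObjectAcl', 's3:GetObject',
  's3:DeleteObject', 's3:ListBucket'];

// Which probed actions does the policy grant for this bucket and object key?
function grantedActions(policy, bucket, key) {
  const bucketArn = `arn:aws:s3:::${bucket}`;
  const objectArn = `${bucketArn}/${key}`;
  // ListBucket is evaluated against the bucket ARN, object actions against the object ARN.
  return PROBES.filter(a =>
    allows(policy, a, a === 's3:ListBucket' ? bucketArn : objectArn));
}

console.log('broad:', grantedActions(broadPolicy, 'bucketname', 'u1.photo.png'));
console.log('upload-only:', grantedActions(uploadOnlyPolicy, 'bucket_name', 'u1.photo.png'));
```

The trailing wildcard in `s3:PutObject*` also matches `s3:PutObjectAcl`, so the upload-only policy grants more than the single `s3:PutObject` action.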
Together with @gkrizek's AWS policy, I had to remove the acl setting in createDirective:
```js
Slingshot.createDirective('myFileUploads', Slingshot.S3Storage, {
  bucket: 'uptestload',
  //acl: 'public-read',
  authorize() {
    //Deny uploads if user is not logged in.
    if (!this.userId) {
      var message = 'Please login before posting files';
      throw new Meteor.Error('Login Required', message);
    }
    return true;
  },
  key(file) {
    //Store file into a directory by the user's username.
    var user = Meteor.users.findOne(this.userId);
    return user._id + '.' + file.name + '.' + Date.now();
  }
});
```
Here's what I did:
Created a user - got keys. Created a group. Added an inline policy to the group. Keys -> settings.json, followed the rest of the readme.
Hello,
I am trying to set up an upload form with s3. I'm using the following config:
On the IAM side, I have:
And when I try to upload, I get a 403 from the POST request. (The OPTIONS call succeeds.)
Any clues? thanks!