Support Presigned POST URL Generator with policy document

[kimxogus]

Supporting Presigned POST URL generators with policy documents

Expected Behavior

sdk is able to generate presigned post url with conditions.

Current Behavior

It's not supported yet. V1 sdk also doesn't have this feature. https://github.com/aws/aws-sdk-java/issues/834 It's not even in current plan as https://github.com/aws/aws-sdk-java-v2/issues/203#issuecomment-548027793

Context

To utilize presigned url's policy document. In my case, our logic is

1. Client request to upload a file
2. Backend process pre condition checks like user authentications
3. Backend returns presigned post url and form fields for upload
    - Conditions are needed to limit bucket, object key, content type and content length range
    - As both V1 and V2 sdk doesn't support this feature, we call lambda function which written in js to generate presigned post url and use that.
4. Client uploads a file using the presigned post url and form fields

https://github.com/aws/aws-sdk-java-v2/issues/203#issuecomment-547693103

[trinopoty]

I've also recently faced this issue. I would be willing to open a PR if someone were to point me in the right direction.

[bernardobelchior]

I have a use case where this feature would very useful. Is there any in progress on this issue?

[rusu-robert]

I also need this feature and I would appreciate very much if someone allocated their time to implement this. Thank you!

[Milunas]

Hi! Do you know anything new about this feature? :)

[mahadi-hossain]

Hi you can follow this https://www.linkedin.com/pulse/s3-browser-based-uploads-using-http-post-md-mahadi-hossain/

On Thu, Dec 16, 2021 at 1:08 PM Łukasz Milunas @.***> wrote:

Hi! Do you know anything new about this feature? :)

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/aws/aws-sdk-java-v2/issues/1493#issuecomment-995500021, or unsubscribe https://github.com/notifications/unsubscribe-auth/ADKSAVJM6UFMVJIMHE3HQXTURGGAHANCNFSM4JHCYBUA . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.

[Dzhuliyan-Ovcharov]

Hi you can follow this https://www.linkedin.com/pulse/s3-browser-based-uploads-using-http-post-md-mahadi-hossain/ … On Thu, Dec 16, 2021 at 1:08 PM Łukasz Milunas @.***> wrote: Hi! Do you know anything new about this feature? :) — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#1493 (comment)>, or unsubscribe https://github.com/notifications/unsubscribe-auth/ADKSAVJM6UFMVJIMHE3HQXTURGGAHANCNFSM4JHCYBUA . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.

Hello, do we have something similiar implemented on java or kotlin? Also example said:

• The ACL must be set to public-read. What if we want to set it private?
• The object must be an image file. Why? If I want to upload different content types? or rather here we mean that what we have defined in the policy the same must be applied in request which is logical..

[trinopoty]

I use a bit of hacky code in Java. You can find the gist here: https://gist.github.com/trinopoty/d617bbec19f249c723897ddf1cc1357d

Consider the snippet to be MIT licensed and modify it to suit your needs.

[trinopoty]

Also a gist to generate signed html form post requests in Java: https://gist.github.com/trinopoty/f0272a4a33dcf455b3a7d4a70ed6b715

[mahadi-hossain]

Hi you can follow this https://www.linkedin.com/pulse/s3-browser-based-uploads-using-http-post-md-mahadi-hossain/ … On Thu, Dec 16, 2021 at 1:08 PM Łukasz Milunas @.***> wrote: Hi! Do you know anything new about this feature? :) — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#1493 (comment)>, or unsubscribe https://github.com/notifications/unsubscribe-auth/ADKSAVJM6UFMVJIMHE3HQXTURGGAHANCNFSM4JHCYBUA . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.

Hello, do we have something similiar implemented on java or kotlin? Also example said:

• The ACL must be set to public-read. What if we want to set it private?
• The object must be an image file. Why? If I want to upload different content types? or rather here we mean that what we have defined in the policy the same must be applied in request which is logical..

That is- you are ordering to follow the instruction by that configuration. You can set {"acl": "public-read"}, ["starts-with", "$Content-Type", "image/"], according to your demand.

Follow this :

https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-post-example.html

[debora-ito]

Quick update: this feature is in our backlog, but we don't have a timeline for it yet.

Add a 👍 to the original description if you want to show your support, it helps us with prioritization.

[ghost]

+1

[hojin-choi]

+1

[Frozenlock]

+1

[fhaase2]

+1

[KamaniAman]

+1

[HLA-242]

+1

[sgasior]

+1

[LeonidIvanov123]

+1

[Gwonwoo-Nam]

+++1

[almightychang]

++++1

[k163377]

I am surprised that the uploadable file size cannot be easily limited. I think this is one of the most requested features by many developers. I strongly hope it will be given a higher priority.

+1