Restricting file types on amazon s3 bucket with a policy

Question

I\'m trying to set up so the only file types the bucket can hold would be png, jpeg, and gif images. I\'m trying to put in a bucket policy like this

{
    \"con         


        

Answer 1

I talked with AWS support engineer, the conditions.starts-with restriction is only supported by HTTP POST policy (eg: policy for browser form-field upload request). With this policy, it should be impossible to limit mineType when you or your users upload files with HTTP PUT request.

Reference: https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-HTTPPOSTConstructPolicy.html#sigv4-PolicyConditions.

For common policy, you can see available Condition keys here, https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazons3.html

And I find there is another solution which can restrict mineType,

1. specify mineType for your html element, like this:
2. then you can get bmp, jpeg, png and gif through code, and you can set them as file URL extension of S3 object before upload.
3. Finally you can add general policy to limit file URL extension like below. Reference: https://aws.amazon.com/premiumsupport/knowledge-center/s3-allow-certain-file-types/

{
    "Id": "Policy1464968545158",
    "Version": "2012-10-17",
    "Statement": [
      {
          "Sid": "Stmt1464968483619",
          "Effect": "Allow",
          "Principal": {
              "AWS": "IAM-USER-ARN"
          },
          "Action": "s3:PutObject",
          "Resource": [
              "arn:aws:s3:::bucket-name/*.bmp",
              "arn:aws:s3:::bucket-name/*.jpeg",
              "arn:aws:s3:::bucket-name/*.png",
              "arn:aws:s3:::bucket-name/*.gif"
         ]
     }
  ]
}

4. So that you restrict the mimeType from browser side