I am trying to understand exactly how to set up a bucket that is generally private but allows anonymous uploads with restrictions. The specific criteria are:
What you describe can be implemented within one bucket. You can allow anonymous access to a specific folder via a bucket policy; check the examples or use the AWS Policy Generator. In your case it could look something like this:
    {
        "Version": "2008-10-17",
        "Id": "Policy1346097257207",
        "Statement": [
            {
                "Sid": "Allow anonymous upload to /incoming",
                "Effect": "Allow",
                "Principal": {
                    "AWS": "*"
                },
                "Action": "s3:PutObject",
                "Resource": "arn:aws:s3:::[your_bucket]/incoming/*"
            }
        ]
    }
It is also possible to upload files to your bucket anonymously using a simple HTML form:

    <form action="http://[your_bucket].s3.amazonaws.com/" method="post" enctype="multipart/form-data">
        <input type="hidden" name="acl" value="public-read" />
        Name: <input type="text" name="key" value="incoming/[filename]" /><br/>
        File: <input type="file" name="file" /> <br />
        <input type="submit" name="submit" value="Upload" />
    </form>
S3 browser-based uploads are described here in detail.
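An added example, not part of the answer above: a small Python check that reads a bucket policy and reports every `Allow` statement open to anonymous callers that grants more than `s3:PutObject`, reaches outside the upload prefix, or carries no `Condition` block. The bucket name `example-bucket` and the function names are assumptions made for illustration.

```python
import json

# Constructed sample: the policy from the answer, with a hypothetical bucket name.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2008-10-17",
  "Statement": [{
    "Sid": "Allow anonymous upload to /incoming",
    "Effect": "Allow",
    "Principal": {"AWS": "*"},
    "Action": "s3:PutObject",
    "Resource": "arn:aws:s3:::example-bucket/incoming/*"
  }]
}
""")

def as_list(value):
    """Policy fields may hold a single value or a list of values."""
    return value if isinstance(value, list) else [value]

def is_anonymous(principal):
    """True for "Principal": "*" and for {"AWS": "*"} (also inside a list)."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in as_list(principal.get("AWS", []))

def audit_anonymous_access(policy, allowed_prefix):
    """Return findings for Allow statements that apply to anonymous callers."""
    findings = []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not is_anonymous(stmt.get("Principal")):
            continue
        sid = stmt.get("Sid", "<no Sid>")
        for action in as_list(stmt.get("Action", [])):
            # Anything other than a plain upload (GetObject, s3:*, ...) is reported.
            if action.lower() != "s3:putobject":
                findings.append(f"{sid}: anonymous action {action} goes beyond upload")
        for resource in as_list(stmt.get("Resource", [])):
            # Drop the ARN prefix and the bucket name, keeping only the key pattern.
            key = resource.split(":::", 1)[-1].partition("/")[2]
            if not key.startswith(allowed_prefix):
                findings.append(f"{sid}: {resource} is outside {allowed_prefix}")
        if "Condition" not in stmt:
            findings.append(f"{sid}: no Condition block restricts the request")
    return findings

if __name__ == "__main__":
    for finding in audit_anonymous_access(SAMPLE_POLICY, "incoming/"):
        print(finding)
```

Run against the answer's policy, the only finding is the missing `Condition` block: the statement is limited to `s3:PutObject` under `incoming/`, but nothing else about the upload request is constrained.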
I recently spent a bit of time figuring out the ins and outs of anonymous uploads to S3, and came across this question as well. I wrote about the solution that worked for ME at some length at:
https://gist.github.com/jareware/d7a817a08e9eae51a7ea
Basically you can achieve what you want to, except that authenticated requests for management won't work (or at least I'm not aware of a solution).
I know this is an older question but just documenting it here in case it helps someone else.