Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

AccessDenied Invalid according to Policy: Policy Condition failed: ["starts-with", "$key", "2017/"]

I get the error I specified in the title.

I try to do: Uploading Objects with Signed URLs with php

the problem looks here: ['starts-with', '$key', 'test/']

['starts-with', '$key', 'test/'] How does this work?

in the bucket test folder exists.

Please help.

my code (server side php) :

$formInputs = ['acl' => 'private'];

// Construct an array of conditions for policy $options = [
    ['acl' => 'private'],
    ['bucket' => $bucket],
    ['starts-with', '$key', 'test/'] ];

// Optional: configure expiration time string $expires = '+2 hours';

$postObject = new \Aws\S3\PostObjectV4(
    $client,
    $bucket,
    $formInputs,
    $options,
    $expires );

$formAttributes = $postObject->getFormAttributes(); $formInputs = $postObject->getFormInputs();

?>


----------


<form action="<?=$formAttributes['action']?>" method="<?=$formAttributes['method']?>" enctype="<?=$formAttributes['enctype']?>">

<?php

    foreach($formInputs as $k=>$v){
        echo'<input type="hidden" name="'.$k.'" value="'.$v.'" ><br>'."\r\n";
    }
    ?>
    <input type="file" name="file">
    <input type="submit" name="upload s3">
</form>

Source Code

<form action="https://s3.amazonaws.com/my-bucket" method="POST" enctype="multipart/form-data">

<input type="hidden" name="acl" value="private" ><br>
<input type="hidden" name="key" value="${filename}" ><br>
<input type="hidden" name="X-Amz-Credential" value="AKIAJEEAQV5BBYRDKAFQ/20171222/us-east-1/s3/aws4_request" ><br>
<input type="hidden" name="X-Amz-Algorithm" value="AWS4-HMAC-SHA256" ><br>
<input type="hidden" name="X-Amz-Date" value="20171222T083752Z" ><br>
<input type="hidden" name="Policy" value="eyJleHBpcmF0aW9uIjoiMjAxNy0xMi0yMlQxMDozNzo1MloiLCJjb25kaXRpb25zIjpbeyJhY2wiOiJwcml2YXRlIn0seyJidWNrZXQiOiIzZG1mcmVlLmNvbSJ9LFsic3RhcnRzLXdpdGgiLCIka2V5IiwiXC8yMDE3XC8iXSx7IlgtQW16LURhdGUiOiIyMDE3MTIyMlQwODM3NTJaIn0seyJYLUFtei1DcmVkZW50aWFsIjoiQUtJQUpFRUFRVjVCQllSREtBRlFcLzIwMTcxMjIyXC91cy1lYXN0LTFcL3MzXC9hd3M0X3JlcXVlc3QifSx7IlgtQW16LUFsZ29yaXRobSI6IkFXUzQtSE1BQy1TSEEyNTYifV19" ><br>
<input type="hidden" name="X-Amz-Signature" value="a47bd97c1e4313b8d9d798dd8e8ccd030102cf80e2e1dd2c12843db2645ec158" ><br>
    <input type="file" name="file">
    <input type="submit" name="upload s3">
</form>

error

This XML file does not appear to have any style information associated with it. The document tree is shown below.
<Error>
<Code>AccessDenied</Code>
<Message>
Invalid according to Policy: Policy Condition failed: ["starts-with", "$key", "test/"]
</Message>
<RequestId>E51EC9537EC2A4E9</RequestId>
<HostId>
+XgLNTFKCC4pMbq6lTXvePDyLRp6oG1O4SXh6hgtXXDNXJgbljcDLSXu2x35A6YFBue1aD/qACI=
</HostId>
</Error>

my CORS Config

<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
    <AllowedOrigin>*</AllowedOrigin>
    <AllowedMethod>POST</AllowedMethod>
    <AllowedMethod>GET</AllowedMethod>
    <AllowedMethod>PUT</AllowedMethod>
    <AllowedMethod>DELETE</AllowedMethod>
    <AllowedMethod>HEAD</AllowedMethod>
    <AllowedHeader>*</AllowedHeader>
</CORSRule>
</CORSConfiguration>
like image 425
emre Avatar asked Oct 18 '22 01:10

emre


1 Answers

i solved it.

https://www.spacevatican.org/2013/7/7/direct-to-s3-browser-uploads/

Placeholders You might expect that a condition of {key: 'prefix/${filename}'} would work when combined with key having the value prefix/${filename}. However, for this to work you actually need to have a condition of ['starts-with','$key', 'prefix/']

like image 189
Fer Torrs Avatar answered Oct 21 '22 09:10

Fer Torrs