
Amazon S3 policy allowing only upload not overwrite [duplicate]

I'm developing a mobile application which will let anyone upload a file to an S3 bucket. I think I'll use the Anonymous Token Vending Machine that is provided by Amazon.

However, I can't see how to write a TokenVendingMachinePolicy.json file that will only allow uploading new files, not overwriting (effectively deleting). I thought allowing just s3:PutObject would be fine, but it appears the s3:PutObject permission allows both. This seems a bit strange, since there's a separate s3:DeleteObject permission, which is useless, since you can just overwrite with a 0-length object anyway.

Is there any way to only allow uploading new files? How is this problem usually solved?

houbysoft asked Aug 10 '13 00:08


People also ask

How do I protect my S3 from overwriting?

With S3 Object Lock, you can store objects using a write-once-read-many (WORM) model. Object Lock can help prevent objects from being deleted or overwritten for a fixed amount of time or indefinitely.

Does S3 upload file overwrite?

By default, when you upload a file with the same name, it overwrites the existing file. If you want to keep the previous file available, you need to enable versioning on the bucket.

Does aws s3 sync overwrite?

It only copies files that have been added or changed since the last sync. It is designed as a one-way sync, not a two-way sync. Your file is being overwritten because the file in the Source is not present in the Destination. This is correct behavior.

What happens if you upload the same file to S3?

If you pass the same key to upload a file, it is replaced, unless versioning is on. S3 supports versioning. This means that when you upload to the same key twice, two versions of the file are stored. Note that if you upload the exact same file twice, you get to pay for two identical copies of the same file on S3.


1 Answer

Unfortunately it's not possible to have a write-once permission. A workaround would be to use versioning on your bucket.

See this answer to a similar question that explains it in detail:

Amazon S3 ACL for read-only and write-once access

dcro answered Sep 22 '22 17:09
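The versioning workaround from the answer above, as an added example that is not part of the original post: a toy in-memory model of a versioned bucket, showing that an uploader holding only s3:PutObject can still stack a 0-length "overwrite" on a key but cannot remove the earlier version, because that requires s3:DeleteObjectVersion. The bucket name `example-uploads`, the key, `UPLOADER_POLICY` and the simplified `allowed` evaluator are constructed assumptions, not AWS code.

```python
import fnmatch
import itertools

# Constructed uploader policy (bucket name is an assumption): PutObject only.
UPLOADER_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:PutObject"],
        "Resource": "arn:aws:s3:::example-uploads/*",
    }],
}

def allowed(policy, action, resource):
    """Simplified IAM check: default deny, an Allow statement must match."""
    return any(st["Effect"] == "Allow" and action in st["Action"]
               and fnmatch.fnmatchcase(resource, st["Resource"])
               for st in policy["Statement"])

class VersionedBucket:
    """Toy in-memory model of a bucket with versioning enabled."""
    def __init__(self, name):
        self.name, self.versions, self._ids = name, {}, itertools.count(1)

    def _require(self, policy, action, key):
        if not allowed(policy, action, f"arn:aws:s3:::{self.name}/{key}"):
            raise PermissionError(f"AccessDenied: {action} on {key}")

    def put(self, policy, key, body):
        # With versioning on, a PUT to an existing key adds a version on top.
        self._require(policy, "s3:PutObject", key)
        vid = f"v{next(self._ids)}"
        self.versions.setdefault(key, []).append((vid, body))
        return vid

    def delete_version(self, policy, key, vid):
        # Permanently removing one version needs s3:DeleteObjectVersion.
        self._require(policy, "s3:DeleteObjectVersion", key)
        self.versions[key] = [v for v in self.versions[key] if v[0] != vid]

def demo():
    bucket = VersionedBucket("example-uploads")
    first = bucket.put(UPLOADER_POLICY, "report.pdf", b"original")
    bucket.put(UPLOADER_POLICY, "report.pdf", b"")  # the 0-length "overwrite"
    try:
        bucket.delete_version(UPLOADER_POLICY, "report.pdf", first)
    except PermissionError as exc:
        return bucket.versions["report.pdf"], str(exc)
    return bucket.versions["report.pdf"], None
```

On a real bucket the same separation holds only while versioning stays enabled and the uploader role is granted neither s3:DeleteObjectVersion nor s3:PutBucketVersioning.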