I'm building a Web App which can upload files directly to a public S3 bucket using the AWS for Browsers SDK.
I would like to restrict the maximum file size which can be uploaded, and although I can do a client-side validation on the file-size, a pure client-side solution is not very robust and I would like to add a server-side validation as well. Is it possible to do this using IAM roles for the "S3:PutObject" action?
If you are talking about a security problem (people uploading huge files to your bucket), yes, you CAN restrict file size with browser-based upload to S3. Here is an example of the "policy" variable, where "content-length-range" is the key point.
You can have an unlimited number of objects in a bucket. Before you can upload files to an Amazon S3 bucket, you need write permissions for the bucket. For more information about access permissions, see Identity and access management in Amazon S3. You can upload any file type—images, backups, data, movies, etc.—into an S3 bucket.
The maximum size of a file that you can upload by using the Amazon S3 console is 160 GB. To upload a file larger than 160 GB, use the AWS CLI, AWS SDK, or Amazon S3 REST API.
This procedure explains how to upload objects and folders to an S3 bucket using the console. When you upload an object, the object key name is the file name and any optional prefixes. In the Amazon S3 console, you can create folders to organize your objects. In Amazon S3, folders are represented as prefixes that appear in the object key name.
You can set minimum and maximum file size in the s3Policy you create when setting up the signed upload URL for direct browser to S3 upload.
Here is an example (JavaScript from a node.js app) - see the 'content-length-range' part at the bottom:
var s3Policy = {
  'expiration': expiration,                  // ISO 8601 time after which the policy is no longer valid
  'conditions': [
    { 'bucket': aws.bucket },                // upload must target this bucket
    ['starts-with', '$key', path],           // object key must begin with this prefix
    { 'acl': readType },
    { 'success_action_status': '201' },
    ['starts-with', '$Content-Type', request.type],
    ['content-length-range', 2048, 124857600] // min and max size in bytes, enforced by S3
  ]
};
If the user uploads a file that exceeds the limit, S3 returns a 400 Bad Request with a body including a message saying that the maximum file size limit has been exceeded.