How to make an AWS S3 file public accessible using AW S3 SDK's createPresignedPost method?

Question

I have a use case to keep the AWS S3 Bucket Private as default but,
Make certain objects Public while uploading to AWS S3.

I am using the following code to sign the AWS S3 url using and ACL setting as public-read -

module.exports.generateS3PostSignedUrl = async (bucketName, bucketKey, objectExpiry) => {

    let s3Client = new AWS.S3({
        region: 'some-region'
    });

    let signingParams = {
        Expires: objectExpiry,
        Bucket: bucketName,
        Fields: {
            key: bucketKey,
        },
        Conditions: [
            ['acl', 'public-read']   
        ],
        ACL: 'public-read'
    }

    let s3createPresignedPost = util.promisify(s3Client.createPresignedPost).bind(s3Client);
    let signedUrl = await s3createPresignedPost(signingParams);

    return signedUrl;
};

Request while uploading -

I am able to upload the file to AWS S3, if I remove the conditions array in signing params,
but the file is still not public when I click its url.
I believe I have done something wrong code on signingParams part.

Ref -
https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/S3.html#createPresignedPost-property

Upload file to s3 with POST

Answer 1

The order of parameters matters here. Put acl parameter before the file and it should work; otherwise S3 just ignores the value you provided.

Below are the example screenshots with different placement of parameters in form-data.

Also, be sure to give execute the createPresignedPost by a user with s3:PutObjectAcl and s3:PutObject permissions.

The correct order of form-data parameters

The same request but with acl parameter being placed after file (Ignored by S3)