Reputation: 6131
AWS Policy Error when uploading file directly to S3 via form POST - Invalid Simple-Condition
I'm getting the below error when attempting to directly POST a file from browser to S3, using a pre-authenticated token from the aws sdk
Invalid Policy: Invalid Simple-Condition: Simple-Conditions must have exactly one property specified.
I have an angular app and I want the user to directly upload a file to S3, without needing to be processed by my server. I am using this as a guide https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-post-example.html
I'm using the aws sdk to generate the credentials and end up with something like the below, which I append to my formData and post to s3
Key: "e1ace7-d3c-9846-87b9-48beed3768"
Policy: "eyJleHUsoiF0aW9uIjoiMjAyMC0wNy0yOFQxNTozMzoxMFoiLCJjb25kaXRpb25zIjpbeyJLZXkiOiJlMTcxYWNlNy1kM2NjLTQ4NTgtOiOS00OGJlZWQifSx7ImJ1Y2tldCI6Imxvd3kudGVt12cG9yYXJ5LnVwbG9hEFVtcWEifSx7IlgtQW16LUFsZ29yaXRobSI6IkFXE1BQy1TSEEyNTYddifSx7IlgtEG16LUNyZc4WRlbnRWwiOiJBS0lBUlFMSFlHU01XM1QyVlJNVC8yMDIwMDcyOC91cy1lYXbN0LTEvczMvYXdzNF9yZXF1ZXN0In0seyJYLUFtIjoiMjAyMDA3MjhaeUMTQzMzEwWiJ9XX0="
X-Amz-Algorithm: "AWS4-HMAC-SHA256"
X-Amz-Credential: "AKIOWEI78EVR/20200728/us-east-2/s3/aws4_request"
X-Amz-Date: "20200228T112310Z"
X-Amz-Signature: "25069f754c94b5f62fd1d2e632459asd1e62a3a8430b3ef952dde64d9cb8"
bucket: "mybucketname"
this is then posted to https://mybucketname.s3.amazonaws.com/ which receives the below error :(
Invalid Policy: Invalid Simple-Condition: Simple-Conditions must have exactly one property specified.
My S3 bucket has CORS open per this policy
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>HEAD</AllowedMethod>
<AllowedMethod>GET</AllowedMethod>
<AllowedMethod>PUT</AllowedMethod>
<AllowedMethod>POST</AllowedMethod>
<AllowedHeader>*</AllowedHeader>
</CORSRule>
</CORSConfiguration>
And the IAM account I'm authorizing as has the following policy
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:Put*"
],
"Resource": [
"arn:aws:s3:::mybucketname/*"
]
}
]
}
Based on the error message that Simple-Conditions must have exactly one property specified I assume I just need to change my iam policy to obey but I'm not sure how? The web user should be able to upload any file directly to the S3 bucket in question...
I haven't been able to find anything in the IAM docs about what this error means exactly or how to specify one property or where. I'm sure it's a small fix somewhere I'm just not sure where. Any guesses where I can start with the simple-conditions must have exactly one property?
Upvotes: 2
Views: 855
Answers (1)
Reputation: 6131
Turns out I was so close, I had to specify the key in the policy generation itself in the aws javascript sdk, whereas before I was adding it to the form from the html post side
const client = new AWS.S3(options);
const form = await client.createPresignedPost(
{
Bucket: bucketname,
Fields: {
key: guid,
},
});
Upvotes: 2
Related Questions
- Amazon S3 Create Object Error: POST requires exactly one file upload per request
- confusing s3 bucket policy upload issue
- OptionsRequestDenied When Uploading File to S3
- IAM Policy not allowing me to upload to S3
- AWS S3 Upload Access Denied through Presigned post generated with AWS-SDK PHP
- S3 Policy not working when resource is specified
- S3 Form File Upload via AWS Api Gateway
- Which policy actions must be permitted to upload a file to s3?
- S3 POST upload minimal policy
- Receiving Invalid policy document or request headers error when using fineuploader for amazon s3