Shahda

Reputation: 67

AWS S3 pre-signed POST access denied

I'm trying to generate a signed URL so that the front end can use it for uploading a photo, but when I try the generated URL it keeps giving me the following error:

 <Code>AccessDenied</Code>
 <Message>Invalid according to Policy: Policy Condition failed: ["eq", "$acl", "public-read"]</Message>

My back-end code to generate the pre-signed url

const params = {
    Bucket: 'bucket-name',
    Fields: {
        key: 'key-name',
        acl: 'public-read'
    },
    // Expires is given in seconds
    Expires: 30 * 600,
    // Policy condition: the upload form must carry acl=public-read
    Conditions: [
        {"acl": "public-read"},
    ]
};

s3.createPresignedPost(params, (error, data) => {
    console.log(error)
    res.send(data)
})

And my IAM User policies

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject"
            ],
            "Resource": "arn:aws:s3:::bucket-name/*"
        }
    ]
}

My CORS Policy

[
    {
        "AllowedHeaders": [
            "*"
        ],
        "AllowedMethods": [
            "PUT",
            "POST",
            "DELETE",
            "GET",
            "HEAD"
        ],
        "AllowedOrigins": [
            "*"
        ],
        "ExposeHeaders": []
    }
]

Note: I made the s3 bucket public but the same error persists

Upvotes: 0

Views: 1319

Answers (1)

jarmod

Reputation: 78713

There are a couple of small problems here:

  1. When you created the pre-signed URL, you indicated a condition of acl=public-read, so your clients must include a form field of acl=public-read when POSTing their request.
  2. Because your clients indicate an ACL, the IAM policy associated with the credentials creating the pre-signed URL must allow both s3:PutObject and s3:PutObjectAcl.

Upvotes: 1
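An added example (not from the question or the answer): a local check that lists which POST policy conditions a set of upload form fields would fail, printed in the same form as the condition in the error above. The function names, sample policy and file size are constructed; the check also covers `starts-with` and `content-length-range`, which the question does not use.

```javascript
// Added example: pre-flight check of upload form fields against an S3 POST policy.
// Function names and sample values are constructed for illustration.

// Normalise {"acl": "public-read"} to the array form ["eq", "$acl", "public-read"].
function normalise(cond) {
  if (Array.isArray(cond)) return cond;
  const [name, value] = Object.entries(cond)[0];
  return ['eq', '$' + name, value];
}

// Return every policy condition that the given form fields would fail.
function failedConditions(policyB64, formFields, fileSize) {
  const policy = JSON.parse(Buffer.from(policyB64, 'base64').toString('utf8'));
  const fields = {}; // simplification: field names are compared case-insensitively
  for (const [k, v] of Object.entries(formFields)) fields[k.toLowerCase()] = v;

  return policy.conditions.map(normalise).filter(([op, a, b]) => {
    if (op === 'content-length-range') return fileSize < a || fileSize > b;
    const actual = fields[String(a).replace(/^\$/, '').toLowerCase()];
    if (actual === undefined) return true;        // field missing from the form
    if (op === 'eq') return actual !== b;
    if (op === 'starts-with') return !actual.startsWith(b);
    return true;                                  // unknown operator: flag it
  });
}

// Constructed policy carrying the question's acl condition.
const samplePolicy = Buffer.from(JSON.stringify({
  expiration: '2030-01-01T00:00:00Z',
  conditions: [{ acl: 'public-read' }, { key: 'key-name' }, ['content-length-range', 0, 5242880]],
})).toString('base64');

// The form as sent without acl, and the form with acl copied in.
function demo() {
  return {
    missingAcl: failedConditions(samplePolicy, { key: 'key-name' }, 1024),
    complete: failedConditions(samplePolicy, { key: 'key-name', acl: 'public-read' }, 1024),
  };
}

console.log(JSON.stringify(demo()));
```

In a real client, pass the `Policy` value and the fields returned by `createPresignedPost` instead of the constructed sample.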
