Amazon AWS S3 : HTML Direct Upload Form Signing (Base64 and HMAC)
Clone this wiki locally
Need to do browser/html posting directly in an AWS S3 bucket?
To prevent just anyone from posting files in someone's S3 bucket and using it as a 'free' online storage container without the knowledge of the AWS account owner, the HTML form has two required hidden fields called "policy" and "signature". These base64 strings contain restrictions/policies are HMAC SHA signed using the AWS account owner's secret key. The policy contain items such as which bucket the upload is allowed into, the allow file name filter and bucket key (i.e: folder name), what ACL will be assigned to new content, what mime types are allowed, the expiration date of this policy, and so on...