s3 direct upload restricting file size and type

Question

A newbie question but I have googled abit and can't seem to find any solution.

I want to allow users to directly upload files to S3, not via my server first. By doing so, is there any way the files can be checked for size limit and permitted types before actually uploading to S3? Preferably not to use flash but javascript.

Answer 1

If you are talking about security problem (people uploading huge file to your bucket), yes, You CAN restrict file size with browser-based upload to S3.

Here is an example of the "policy" variable, where "content-length-range" is the key point.

"expiration": "'.date('Y-m-d\TG:i:s\Z', time()+10).'",
"conditions": [
    {"bucket": "xxx"},
    {"acl": "public-read"},
    ["starts-with","xxx",""],
    {"success_action_redirect": "xxx"},
    ["starts-with", "$Content-Type", "image/jpeg"],
    ["content-length-range", 0, 10485760]
]

In this case, if the uplaoding file size > 10mb, the upload request will be rejected by Amazon.

Of course, before starting the upload process, you should use javascript to check the file size and make some alerts if it does.

getting file size in javascript

Answer 2

AWS wrote a tutorial explaining how to create HTML POST forms that allow your web site visitors to upload files into your S3 account using a standard web browser. It uses S3 pre-signed URLs to prevent tampering and you can restrict access by file size.

Answer 3

To do what you are wanting to do, you will need to upload through your own web service. This is probably best anyway, as providing global write access to your end users to your S3 bucket is a security nightmare, not too mention there would be nothing stopping them from uploading huge files and jacking up your charges.