S3 spool bucket / anonymous PUT

Question

I'd like to use S3 CORS and key expiration to create a 'spool bucket'. This spool bucket should support the following:

• Frontend code (say, jQuery) should be able to HTTP PUT arbitrarily named keys to the bucket
• Backend code (say, Python/boto) should be able to read and delete these keys, given a key name
• keys should expire by themselves after X days

How exactly should this be achieved?

Answer 1

After some mucking about, here's what I found:

• Create a bucket
• Give everyone the permissions Upload/Delete and Edit Permissions (should be easy with the API, my case was easier with the console).
• Set the following (or similar) CORS policy:

<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
    <CORSRule>
        <AllowedOrigin>*.example.com</AllowedOrigin>
        <AllowedMethod>PUT</AllowedMethod>
        <MaxAgeSeconds>3000</MaxAgeSeconds>
        <AllowedHeader>*</AllowedHeader>
    </CORSRule>
</CORSConfiguration>

• set an object lifecycle policy to match your wishes (again, easy with the API, easier in my case with the console)
• When doing your PUT, add the header x-amz-acl: bucket-owner-full-control. For example, in CoffeeScript and jQuery, your PUT will look like this:

$.ajax http://my_spool_bucket.s3.amazonaws.com,
    type: "PUT"
    data: "contents of new object"
    headers:
        "x-amz-acl": "bucket-owner-full-control"

That's it. Bask in the glory of highly available, self-expunging, CORS compatible, cheap and easy HTTP spool space. One important thing to remember: any client can overwrite any key; you should design accordingly (I use cryptographically secure generated keys).