After some mucking about, here's what I found:
- Create a bucket
- Give everyone the permissions Upload/Delete and Edit Permissions (should be easy with the API, my case was easier with the console).
- Set the following (or similar) CORS policy:
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>*.example.com</AllowedOrigin>
<AllowedMethod>PUT</AllowedMethod>
<MaxAgeSeconds>3000</MaxAgeSeconds>
<AllowedHeader>*</AllowedHeader>
</CORSRule>
</CORSConfiguration>
- set an object lifecycle policy to match your wishes (again, easy with the API, easier in my case with the console)
- When doing your PUT, add the header
x-amz-acl: bucket-owner-full-control
. For example, in CoffeeScript and jQuery, your PUT will look like this:
$.ajax http://my_spool_bucket.s3.amazonaws.com,
type: "PUT"
data: "contents of new object"
headers:
"x-amz-acl": "bucket-owner-full-control"
That's it. Bask in the glory of highly available, self-expunging, CORS compatible, cheap and easy HTTP spool space. One important thing to remember: any client can overwrite any key; you should design accordingly (I use cryptographically secure generated keys).