The S3 permissions needed for a user to create folders and generate pre-signed URLs

What are the s3:* permissions required for a user to be able to
a) generate pre-signed urls
b) create folders (paths) within s3

You can’t create a folder, you can only create objects which happen to have a prefix

For presigned urls you need to have the permission you’re going to presign

I.e. for a presigned url to upload objects, you must have s3:PutObject. For retrieval, s3:GetObject.

Thanks everyone :raised_hands:

To be a little bit clearer: S3 doesn’t have any intrinsic concept of folders. What you see in the web console is just a layer on top to make it a little easier to use. If you have two objects in S3:

Then you do not have two objects called bar.txt and baz.txt in a folder called foo. You just have two objects with the names foo/bar.txt and foo/baz.txt. The slash isn’t a special character and doesn’t denote any hierarchy to S3.

So you can’t create a folder in S3 regardless of which permissions you have because there isn’t any such thing as a folder in S3.