What are the s3:*
permissions required for a user to be able to
a) generate pre-signed urls
b) create folders (paths) within s3
You can’t create a folder, you can only create objects which happen to have a prefix
For presigned urls you need to have the permission you’re going to presign
I.e. for a presigned url to upload objects, you must have s3:PutObject
. For retrieval, s3:GetObject
.
Thanks everyone
To be a little bit clearer: S3 doesn’t have any intrinsic concept of folders. What you see in the web console is just a layer on top to make it a little easier to use. If you have two objects in S3:
• foo/bar.txt
• foo/baz.txt
Then you do not have two objects called bar.txt
and baz.txt
in a folder called foo
. You just have two objects with the names foo/bar.txt
and foo/baz.txt
. The slash isn’t a special character and doesn’t denote any hierarchy to S3.
So you can’t create a folder in S3 regardless of which permissions you have because there isn’t any such thing as a folder in S3.