aws-sdk-go-v2 icon indicating copy to clipboard operation
aws-sdk-go-v2 copied to clipboard

Published 20 hours ago verified publisher icon aws

Add convenience method for S3 presigned posts

Open F21 opened this issue 3 years ago • 18 comments

Is your feature request related to a problem? Please describe. The presign client for S3 currently supports presigning GetObject and PutObject URLs: https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/service/s3#PresignClient

It would be nice if an additional method is implemented to support presigning POST object URLs documented here: https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectPOST.html

This feature seems to be present in SDKs for other languages.

Describe the solution you'd like Add a convenience method for S3 presigned posts to the PresignClient

Describe alternatives you've considered n/a

Additional context n/a

F21 avatar Apr 12 '21 07:04 F21

Any update on this? I am interested in this function too

ArtemSBulgakov avatar Oct 29 '21 20:10 ArtemSBulgakov

I am interested too. It seems there were no changes requested to the PR (https://github.com/aws/aws-sdk-go/pull/3287) since 2020. Does this mean the PR could be merged? What would be still missing? I would be happy to assis somehow if needed.

Maximilian5189 avatar Feb 03 '22 18:02 Maximilian5189

+1, I've been waiting for this for a while. I have had to make my own in the past

soapiestwaffles avatar Feb 20 '22 02:02 soapiestwaffles

+1, Would be very good to have this as part of SDK

william20111 avatar Mar 16 '22 21:03 william20111

Does the v4.Signer.PresignHTTP method in aws/signer/v4 get close to what you're looking for?

MrGossett avatar Mar 17 '22 13:03 MrGossett

@MrGossett thanks for replying, just for my understanding. If i take the example policy from the docs of s3 POSt policy.

{ "expiration": "2007-12-01T12:00:00.000Z",
  "conditions": [
    {"acl": "public-read" },
    {"bucket": "johnsmith" },
    ["starts-with", "$key", "user/eric/"],
  ]
}

If i SHA256 that payload and provide it to the below signer I can get the same behaviour?

func main() {
	preSigner := v4.NewSigner()
	req, _ := http.NewRequest()
	preSigner.PresignHTTP(context.TODO(), creds, req, hashedPayload, s3ServiceString, regionString, time.Now())
}

william20111 avatar Mar 17 '22 13:03 william20111

@MrGossett thanks for replying,

Cheers :) Just for transparency: I don't work for AWS. I'm just a very active AWS SDK Go user.

just for my understanding. If i take the example policy from the docs of s3 POSt policy.


{ "expiration": "2007-12-01T12:00:00.000Z",

  "conditions": [

    {"acl": "public-read" },

    {"bucket": "johnsmith" },

    ["starts-with", "$key", "user/eric/"],

  ]

}

If i SHA256 that payload and provide it to the below signer I can get the same behaviour?


func main() {

	preSigner := v4.NewSigner()

	req, _ := http.NewRequest()

	preSigner.PresignHTTP(context.TODO(), creds, req, hashedPayload, s3ServiceString, regionString, time.Now())

}

No, not quite. The hashedPayload argument is a SHA sum of the HTTP request's body. I guess that method won't do what you want easily.

MrGossett avatar Mar 17 '22 15:03 MrGossett

Hi all, I have discussed with the team, and we are planning to implement this. However, there is no timeline for this yet, I will comment if we have any update.

vudh1 avatar Apr 13 '22 20:04 vudh1

could someone from the core team please review it (or at least assign someone to review it)? Our company is heavily using Go and unfortunately we do need presigned POST for uploads in the next 2 weeks.

If there is an implementation of that in some PR, could you perhaps point me to it?

QuteBits avatar Jul 27 '22 14:07 QuteBits

@QuteBits this GitHub issue is to just track the feature request, and is not a pull request for the implementation. This remains an item on our backlog, but we are unable to provide a timeline at this time on when we can pick up implementation of this feature.

skmcgrail avatar Jul 27 '22 19:07 skmcgrail

@skmcgrail got it. And thank you for such a quick response.

QuteBits avatar Jul 28 '22 09:07 QuteBits

Not sure if advertising like this is allowed, but. We were also in desperate need for this functionality, and built our own presign client to add this functionality to our servers. We use this in production here

Seeing as this still has not been added officially, I decided to break this out into it's own tiny module which can be found here https://github.com/PretendoNetwork/aws-sdk-presigned-post-go

It was made to mimic the official SDK as much as possible, hence the similar naming. I tried to make the API as clean as possible, to not force developers to pass in information multiple times (once to the official SDK and once to this module), and unforntunately I was not able to find a clean way to integrate this into one client (not relying on this client+an official SDK client for other presign types)

This was really made with our use case in mind, and can only confirm it works in that use case (the client being a WiiU and using DigitalOcean Spaces as the s3 server), so any changes and suggestions are welcome to help make this more approachable to others

jonbarrow avatar Apr 19 '23 23:04 jonbarrow

+1, would need this functionality.

Here is a good post about the differences between presigned PUT and POST if anybody is wondering: https://advancedweb.hu/differences-between-put-and-post-s3-signed-urls/

vassbence avatar Apr 24 '24 20:04 vassbence

+1, would need this functionality.

sonal1999 avatar May 02 '24 09:05 sonal1999