tags:

views:

271

answers:

1
Q: 

S3 post InvalidPolicyDocument bucket-dependent?

I have direct HTML POSTing to an S3 bucket working for bucket A. If I keep all the code exactly the same but substitute and sign the policy for bucket B, Amazon returns an InvalidPolicyDocument error. Is there something about a bucket that needs to be enabled or set before it will accept posted objects?

Thanks in advance! Ben

ps. I have changed the bucket name both in the policy and in the upload URL.

pps. as requested, I traced both requests in Fiddler. Here are the requests and responses:

THE GOOD REQUEST:

REQUEST:

------------ae0KM7cH2cH2cH2Ij5Ef1cH2Ef1ae0
Content-Disposition: form-data; name="Filename"

Blue hills.jpg
------------ae0KM7cH2cH2cH2Ij5Ef1cH2Ef1ae0
Content-Disposition: form-data; name="key"

uploads/${filename}
------------ae0KM7cH2cH2cH2Ij5Ef1cH2Ef1ae0
Content-Disposition: form-data; name="signature"

STJNaC3bFVXD9VSUPhId41yw5+w=
------------ae0KM7cH2cH2cH2Ij5Ef1cH2Ef1ae0
Content-Disposition: form-data; name="AWSAccessKeyId"

0WDZ435HNTSCJ306SXR2
------------ae0KM7cH2cH2cH2Ij5Ef1cH2Ef1ae0
Content-Disposition: form-data; name="acl"

private
------------ae0KM7cH2cH2cH2Ij5Ef1cH2Ef1ae0
Content-Disposition: form-data; name="success_action_status"

201
------------ae0KM7cH2cH2cH2Ij5Ef1cH2Ef1ae0
Content-Disposition: form-data; name="policy"

eydjb25kaXRpb25zJzogW3snYnVja2V0JzogJzB3ZHo0MzVobnRzY2ozMDZzeHIyLXRlc3QtYnVja2V0J30sIFsnc3RhcnRzLXdpdGgnLCAnJGtleScsICd1cGxvYWRzLyddLCBbJ3N0YXJ0cy13aXRoJywgJyRGaWxlbmFtZScsICcnXSwgeydhY2wnOiAncHJpdmF0ZSd9LCB7J3N1Y2Nlc3NfYWN0aW9uX3N0YXR1cyc6ICcyMDEnfV0sICdleHBpcmF0aW9uJzogJzIwMDktMDYtMTBUMTg6MTc6NTlaJ30=
------------ae0KM7cH2cH2cH2Ij5Ef1cH2Ef1ae0
Content-Disposition: form-data; name="file"; filename="Blue hills.jpg"
Content-Type: application/octet-stream

RESPONSE:

<?xml version="1.0" encoding="UTF-8"?>
<PostResponse><Location>http://0wdz435hntscj306sxr2-test-bucket.s3.amazonaws.com/uploads%2FBlue+hills.jpg&lt;/Location&gt;&lt;Bucket&gt;0wdz435hntscj306sxr2-test-bucket&lt;/Bucket&gt;&lt;Key&gt;uploads/Blue hills.jpg</Key><ETag>"6fb2a38dc107eacb41cf1656e899cf70"</ETag></PostResponse>

THE BAD REQUEST:

REQUEST:

------------Ij5cH2cH2gL6gL6gL6Ij5Ij5GI3cH2
Content-Disposition: form-data; name="Filename"

Water lilies.jpg
------------Ij5cH2cH2gL6gL6gL6Ij5Ij5GI3cH2
Content-Disposition: form-data; name="policy"

eydjb25kaXRpb25zJzogW3snYnVja2V0JzogdScwd2R6NDM1aG50c2NqMzA2c3hyMi1tNGxiZXRhJ30sIFsnc3RhcnRzLXdpdGgnLCAnJGtleScsICd1cGxvYWRzLyddLCBbJ3N0YXJ0cy13aXRoJywgJyRGaWxlbmFtZScsICcnXSwgeydhY2wnOiAncHJpdmF0ZSd9LCB7J3N1Y2Nlc3NfYWN0aW9uX3N0YXR1cyc6ICcyMDEnfSwgeydDb250ZW50LVR5cGUnOiAnYXBwbGljYXRpb24vb2N0ZXQtc3RyZWFtJ31dLCAnZXhwaXJhdGlvbic6ICcyMDA5LTA2LTEwVDE4OjA5OjE0Wid9
------------Ij5cH2cH2gL6gL6gL6Ij5Ij5GI3cH2
Content-Disposition: form-data; name="key"

uploads/${filename}
------------Ij5cH2cH2gL6gL6gL6Ij5Ij5GI3cH2
Content-Disposition: form-data; name="signature"

u+pOKfpLrFaRhiP3lfTPbCyWl3I=
------------Ij5cH2cH2gL6gL6gL6Ij5Ij5GI3cH2
Content-Disposition: form-data; name="AWSAccessKeyId"

0WDZ435HNTSCJ306SXR2
------------Ij5cH2cH2gL6gL6gL6Ij5Ij5GI3cH2
Content-Disposition: form-data; name="acl"

private
------------Ij5cH2cH2gL6gL6gL6Ij5Ij5GI3cH2
Content-Disposition: form-data; name="success_action_status"

201
------------Ij5cH2cH2gL6gL6gL6Ij5Ij5GI3cH2
Content-Disposition: form-data; name="Content-Type"

application/octet-stream
------------Ij5cH2cH2gL6gL6gL6Ij5Ij5GI3cH2
Content-Disposition: form-data; name="file"; filename="Water lilies.jpg"
Content-Type: application/octet-stream

RESPONSE:

100
<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>InvalidPolicyDocument</Code><Message>Invalid Policy: Invalid JSON.</Message><RequestId>2D883FC8947547AC</RequestId><HostId>G1r2SCbd87UmmlOU0hSY3/VTGGXBEmXdLXoxaGt4GJjpELBVHXtjn6PSAPhufLAC</HostId></Error>
0
+1  A: 

Make sure you change the bucket name in both the action URL and in the policy document.

UPDATE

Here are the Base64 decoded versions of both policies:

GOOD

{'conditions': [
{'bucket': '0wdz435hntscj306sxr2-test-bucket'}, 
['starts-with', '$key', 'uploads/'], 
['starts-with', '$Filename', ''], 
{'acl': 'private'}, 
{'success_action_status': '201'}
], 
'expiration': '2009-06-10T18:17:59Z'
}

BAD

{'conditions': [
{'bucket': u'0wdz435hntscj306sxr2-m4lbeta'}, 
['starts-with', '$key', 'uploads/'], 
['starts-with', '$Filename', ''], 
{'acl': 'private'}, 
{'success_action_status': '201'}, 
{'Content-Type': 'application/octet-stream'}
], 
'expiration': '2009-06-10T18:09:14Z'
}

Somehow an extra "u" got stuck in the bucket line for the bad policy

Bryce Kahle  2009-06-09 21:23:47
thanks. the bucket name is indeed changed in both places.
mainsocial  2009-06-10 05:40:35
Thanks Bryce! The extra u is for a unicode string, which is the default Python string type when working with the Google App Engine. Presumably I have to convert it to a regular string using str() before I encode the policy. Nice catch!
mainsocial  2009-06-16 11:35:34

related questions

What types of Technologies does Amazon.com use Internally
Max files per directory in S3
What is the best way to backup mysql in s3?
What are best practices for preventing stale CSS and JavaScript
How to upload a file with django (python) and s3?
Can I set the expires header on all objects in an Amazon S3 bucket all at once?
Anyone actually using Mosso Files (Amazon S3 competitor)?
Would an S3 cache module for IIS7 be useful?
Need assistance with diagnosing SOAP packet problem with Amazon S3
Best process for auto-zipping of multiple MP3s
Is it possible to change headers on an S3 object without downloading the entire object.
.NET library or asp.net application for Amazon S3
robocopy, jungledisk file copy problems.
SSH into Amazon EC2 Instance
Can you use Amazon S3 via Flex?
Experiences and tips for programming with and for Amazon's cloud servers/apps/tools?
Amazon - EC2 cost?
Amazon S3 standalone stub server
http PUT a file to S3 presigned URLs using ruby
Is Amazon S3 ready for prime time?
Amazon SimpleDB
Does Amazon S3 fail sometimes?
Is there a way to have index.html functionallity with content hosted on S3?
Delete Amazon S3 buckets?
Do you use Amazons Cloud services for your company?