How to build Amazon S3 Presigned PostPolicy for file uploading in Java SDK 2.0?

Question

I need to generate an AWS Signature v4 signature for uploading to s3, like this: https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-post-example.html.

I tried a lot of examples, but have the error

<Error>
    <Code>InvalidAccessKeyId</Code>
    <Message>The AWS Access Key Id you provided does not exist in our records.</Message>
    <AWSAccessKeyId>ASIA2AKMADUN</AWSAccessKeyId>
    <RequestId>E68a1B73B15</RequestId>
    <HostId>fIG19S=</HostId>
</Error>

I tried to build signature, using minio-java, like this https://github.com/minio/minio-java/blob/master/examples/PresignedPostPolicy.java

Also, I tried this code snippet https://gist.github.com/phstudy/3523576726d74a0410f8

P.S. My real target is uploading files from clients with limit of file size, like there, or there there. I can create presignS3UploadLink, but there is not way to set max size.

Answer 1

So, solution https://github.com/minio/minio-java/blob/master/examples/PresignedPostPolicy.java did not work, because of absent x-amz-security-token parameter.

We need to use session-token (which we get from amazon) for creating a POST-Policy and for form publishing - https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-HTTPPOSTConstructPolicy.html

Sample code for minio:

conditions.add(new String[]{"eq", "$x-amz-security-token", sessionToken});
formData.put("x-amz-security-token", sessionToken);

P.S. x-amz-security-token is needed because of using of temporary security credentials - https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html