![]() This is attached to the formData used by your browser to upload object directly to S3.Ĭlearly you don’t want to give access to your serverless app to anyone, AWS Cognito is a way to go - read on about this on our blog. Which means we should be able to generate these policy on the fly if the usedStorage is less than the user uploadCap.Īn example POST policy condition to restrict exactly where and how much the request should be. ![]() This is exactly the type of logic offloading I was looking for to make this solution cheaper. ![]() In this case, we use POST policy conditions which allow us to check the minimum and maximum allowable size for the uploaded content. Now back to IAM to check if that can handle this validation for us. “The Content-Length entity-header field indicates the size of the entity-body, in decimal number of OCTETs, sent to the recipient or, in the case of the HEAD method, the size of the entity-body that would have been sent had the request been a GET.” My first cognitive checkpoint was to tap in what does my browser send as part of the multipart upload request, to find something I can use.Īnd bingo, we can use the content length in number of octets to check our request is not shooting over the upload cap. If you find a good use case for this give us a shout in the comments. I should point this is a Proof of Concept ( POC ) which proved - it is possible in practice to push the boundaries of IAM and Lambda to control how much some authenticated user can upload, and where. I am going to describe the infrastructure behind something which can be called a fully server less object uploader, with some validation (in this case I have implemented a user upload cap but can be anything else) and less obvious but also important - object listing. Psychologically we are inclined to compensate on our ordered life in some unordered way and I chose to go full on Hoarder style with S3 Object storage and server less architecture for this little POC. I mean, some files I store are better off in cold storage and my family will always drop and forget and remember it 6 months later. There must be a way to get full transparency on your cloud storage bills which is something I never got out of commercial solutions out there with fixed subscription packages.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |