Navigation

signPolicy

On this page

Definition

signPolicy

Generates a document containing the fields policy, signature, and the accessKeyId, which you can use to issue a POST request directly to S3.

Important

To perform an S3 service action, you must have rules set up for the action.

You can only use the signPolicy action in the first stage of a pipeline.

The signPolicy action stage has the following syntax:

Tip

In the stages, the action arguments can make use of variables (%%vars) defined for the stage as well as defined constants and expansions.

{ "service": <s3-servicename>, "action": "signPolicy", "args": { "contentType": <string>, "acl": <string>, "bucket": <string>, "key": <string> } }

The signPolicy action takes the following arguments:

Argument Type Description
bucket string The S3 bucket name.
key string The unique identifier for the uploaded object.
acl string

Access control list. Valid values are:

  • private
  • public-read
  • public-read-write
  • aws-exec-read
  • authenticated-read
  • bucket-owner-read
  • bucket-owner-full-control

See Amazon’s documentation for more information.

contentType string Data format, e.g. text/plain

Example

Consider the following pipeline:

[
  {"service":"my-s3-service","action":"signPolicy","args":{"contentType":"text/plain","acl":"public-read","bucket":"my-s3-bucket","key":"myFile.txt"}}
]

Stage1: The S3 signPolicy stage outputs a document:

{
  "policy": "policy11111111111=+",
  "signature": "mysignatureABC====",
  "accessKeyId": "MYS3ACCESSKEY"
}