On this page



Generates a document containing the fields policy, signature, and the accessKeyId, which you can use to issue a POST request directly to S3.


To perform an S3 service action, you must have rules set up for the action.

You can only use the signPolicy action in the first stage of a pipeline.

The signPolicy action stage has the following syntax:


In the stages, the action arguments can make use of variables (%%vars) defined for the stage as well as defined constants and expansions.

{ "service": <s3-servicename>, "action": "signPolicy", "args": { "contentType": <string>, "acl": <string>, "bucket": <string>, "key": <string> } }

The signPolicy action takes the following arguments:

Argument Type Description
bucket string The S3 bucket name.
key string The unique identifier for the uploaded object.
acl string

Access control list. Valid values are:

  • private
  • public-read
  • public-read-write
  • aws-exec-read
  • authenticated-read
  • bucket-owner-read
  • bucket-owner-full-control

See Amazon’s documentation for more information.

contentType string Data format, e.g. text/plain


Consider the following pipeline:


Stage1: The S3 signPolicy stage outputs a document:

  "policy": "policy11111111111=+",
  "signature": "mysignatureABC====",
  "accessKeyId": "MYS3ACCESSKEY"