Navigation
  • Rules >
  • Amazon S3 Service Rules

Amazon S3 Service Rules

To use the Amazon S3 Service, you must specify rules to enable its actions. The rules must evaluate to true for the action to be enabled. An empty document ({}) always evaluates to true.

Specify a Rule

  1. Select the action(s) for which the rule applies.

  2. Specify the rule in valid JSON that evaluates to a boolean. You can specify MongoDB query expression operators with the exception of the $text and geospatial operators:

    {
      <field1>: <value1|expression1>,
      <field2>: <value2|expression2>,
      ...
    }
    

    You can specify rules based on an argument to the action. For details and examples, see Amazon S3 Service Arguments.

Amazon S3 Service Arguments

To specify a rule based on arguments:

{
  "%%args.<argument1>": <value1|expression1>,
  "%%args.<argument2>": <value1|expression2>,
  ...
}

Or, you can omit the %%args prefix if you do not specify any expansion prefixes for the fields.

{
  "<argument1>": <value1|expression1>,
  "<argument2>": <value1|expression2>,
  ...
}

However, you cannot mix arguments with prefixes and arguments without prefixes in the same rule. For example, the following rule is invalid:

{
  "%%args.to": "text@example.com",
  "from": "someone@example.com",
  ...
}

You can use the following arguments in S3 service rules.

bucket

The bucket argument is a string that corresponds to the S3 bucket name.

key

The key argument is a string that corresponds to the object key, or key name, which uniquely identifies the object in the bucket; i.e. the path to the object in the bucket.

acl

The acl argument is a string that corresponds to the access control list (ACL) permissions. The value can be one of the following strings:

  • "private"
  • "public-read"
  • "public-read-write"
  • "aws-exec-read"
  • "authenticated-read"
  • "bucket-owner-read"
  • "bucket-owner-full-control"

contentType

The contentType argument is a string that corresponds to the MIME type of the content, such as text/plain or audio/mpeg.

Example

Actions When
put
{
  "bucket" : { "%in": "%%values.mybuckets" },
  "contentType" : "text/plain"
}

The S3 rule ensures that applications can only perform a put action when the:

  • bucket is a string listed in mybuckets, where mybuckets is a user-defined constant. For more information in defining constants, see Values.
  • contentType is "text/plain".