okay so now the real meat and potatoes of my earlier question-- How can I get my users to upload stuff (preferably curl) to an S3 bucket with a pre-signed key (without an aws account)

@sara looks like AWS CLI doesn't let you specify the HTTP verb, and our docs seem to claim that the only SDKs supporting it are java, .NET, and ruby

the general process for creating a pre-signed URL is to do a sigv4 signature and put the signature in the URL. sigv4 is kind of complicated to get right the first few times but once you have the code it's a lot nicer. the procedure is described at:

@iliana ultimately my users want to mount an s3 bucket from a different AWS account into their s3 instance so they can copy over some important data to our servers

@sara you might want to look into sts:AssumeRole and cross-account policies in IAM

it can feel like a lot but once you know what's going on it's very powerful

@iliana would that all work even if the data org is our aws org?

@iliana to the best of my knowledge, we dont own the s3 bucket

@iliana no worries! I know we're kinda doing things in a non-ideal way but that's what happens sometimes lol

Sign in to participate in the conversation

Everything is connected.