S3 client-upload parameter generation with Python
# http://aws.amazon.com/articles/1434
def S3UploadParams(bucket_name, object_name, expiry, maxsize, redirect):
import os, boto, json, base64, hmac, hashlib
from time import time, gmtime, strftime
def SignS3Upload(policy_document):
policy = base64.b64encode(policy_document)
return base64.b64encode(hmac.new(
boto.config.get('Credentials', 'aws_secret_access_key'),
policy,
hashlib.sha1
).digest())
def GenerateS3PolicyString(bucket_name, object_name, expiry, maxsize, redirect):
policy_template = '{ "expiration": "%s", "conditions": [ {"bucket": "%s"}, ["eq", "$key", "%s"], {"acl": "private"}, {"success_action_redirect": "%s"}, ["content-length-range", 0, %s] ] }'
return policy_template % (
strftime("%Y-%m-%dT%H:%M:%SZ", gmtime(time() + expiry)),
bucket_name,
object_name,
redirect,
maxsize
)
params = {
'key': object_name,
'AWSAccessKeyId': boto.config.get('Credentials', 'aws_access_key_id'),
'acl': 'private',
'success_action_redirect': redirect,
}
policy = GenerateS3PolicyString(bucket_name, object_name, expiry, maxsize, redirect)
params['policy'] = base64.b64encode(policy)
signature = SignS3Upload(policy)
params['signature'] = signature
return params
Categorised as: snippet