我想确切地了解如何设置一个水桶，其通常是私人，但允许匿名上载有限制。具体标准是：

I am trying to understand exactly how to setup a bucket that is generally private but allows anonymous uploads with restrictions. The specific criteria are:

桶大部分是私人的，需要我的钥匙/秘密添加/删除/更新/列表文件。 有一个目录（即关键preFIX）被称为进入，将允许匿名用户上传的内容，但没有列出。 在桶中有对所有的内容进行了一天到期。作为奖励，我想进入目录下有一个30分钟的到期但如果这是不可能的为期一天的到期整个桶都行。 文件与进入preFIX将在每个对象的大小限制。 我可能也想限制与进入preFIX对象，只有特定的内容类型。

问题我有是：

它会更好简单地创建两个水桶。一个我传入的文件，一个是我个人的处理和存储？ 你会在code样子，对于一个文件被上传到incoming目录。理想情况下，我想，以避免依赖于S3库，只是使用HTTP调用。奖励积分，如果你能告诉我正确的方向上这红宝石。 ：）

到期经由S3中管理控制台似乎硬性而是仅1天为最小到期。我可以把一个小数在这一领域？权限似乎适用于整个斗而不只是preFIX。这让我觉得我只需要两桶水。如果我一直有一个水桶，我想我需要创建一个IAM策略并应用到桶，但它是超越S3的我有限的知识，我要确保我不离开一个洞，让人们做权限比我更希望他们。

The expiration seems settable via the S3 Management Console but is only limited to 1 day as the smallest expiration. Can I put a decimal in that field? Permissions seem to apply to an entire bucket instead of just a prefix. This is making me think I just need two buckets. If I keep with one bucket I think I need to create an IAM policy and apply that to the bucket but it is beyond my limited knowledge of S3 and I want to ensure I don't leave a hole in the permissions that allow people to do more than I want them to.

我发现很多文档上通过HTTP表单后做匿名上传到S3。我能够适应的到code，但我不知道，因为我在申请code（而不是HTTP表单POST）是否有更简单的方法？

I have found lots of documentation on doing anonymous uploads to S3 via a HTTP form post. I could adapt that into code but I am wondering since I am in application code (and not a HTTP form post) is there an easier way?

推荐答案

你描述的，可以在一个桶来实现。您可以允许通过斗政策匿名访问特定的文件夹，选中examples或使用 AWS策略生成器。你的情况可能是这个样子：

What you describe can be implemented within one bucket. You can allow anonymous access to specific folder via bucket policy, check examples or use AWS Policy Generator. In your case it could look something like this:

{
    "Version": "2008-10-17",
    "Id": "Policy1346097257207",
    "Statement": [
        {
            "Sid": "Allow anonymous upload to /incoming",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::[your_bucket]/incoming/*"
        }
    ]
}

也可以匿名使用一个简单的HTML表单文件上传到你的水桶：

It is also possible to upload files to your bucket anonymously using a simple html form:

<form action="http://[your_bucket].s3.amazonaws.com/" method="post" enctype="multipart/form-data">
    <input type="hidden" name="acl" value="public-read" />
    Name: <input type="text" name="key" value="incoming/[filename]" /><br/>
    File: <input type="file" name="file" /> <br />
    <input type="submit" name="submit" value="Upload" />
</form>​

S3基于浏览器的上传进行了详细的描述这里。