POST object upload authentication

A POST object upload request can be authenticated in these ways:

Header authentication: The header can include AWS Signature Version 2 authorization information. Header authentication supports only AWS local user account credentials. Use a header with a value in the format Authorization: AWS all_users: for anonymous access, or Authorization: AWS access-key:signature for authenticated access.

Note: Active Directory, SPNEGO, cookie, and HCP authentication are not supported.

In-form authentication: The POST form can contain authentication-related fields. In-form authentication supports only AWS local user account credentials. All authorization-related form fields must be presented for in-form authentication to succeed. If both V2 and V4 authentication form fields are presented, V2 authentication information is used.

Security policy validation: A policy is included in the request. Required if in-form authentication is used. If the policy is missing, HCP returns a status of 400.

For a namespace that does not permit anonymous access (that is, a non-public bucket), either header or in-form authentication is required. (Both can be provided.)

© 2015, 2020 Hitachi Vantara LLC. All rights reserved.