POST object upload authentication

A POST object upload request can be authenticated in these ways:

  • Header authentication

    The header can include AWS Signature Version 2 authorization information. Header authentication supports only AWS local user account credentials. Use a header with a value in the format Authorization: AWS all_users: for anonymous access, or Authorization: AWS access-key:signature for authenticated access.

    NoteActive Directory, SPNEGO, cookie, and HCP authentication are not supported.

  • In-form authentication

    The POST form can contain authentication-related fields. In-form authentication supports only AWS local user account credentials. All authorization-related form fields must be presented for in-form authentication to succeed. If both V2 and V4 authentication form fields are presented, V2 authentication information is used.

  • Security policy validation

    A policy is included in the request. Required if in-form authentication is used. If the policy is missing, HCP returns a status of 400.

For a namespace that does not permit anonymous access (that is, a non-public bucket), either header or in-form authentication is required. (Both can be provided.)