How to implement read only and write once for s3

We want our mobile client to be able to upload files to our S3 bucket. Because people can decompile the client code to get the token, we need to prevent abuse of S3 and keep our data from being tampered with.

Object permissions only offer getObject and putObject. Amazon treats creating a new object and updating an existing object as the same putObject action, so we can't give them different permissions.

Here are some other ways to achieve this.

Using Versioning

What is S3 versioning? We can grant getObject and putObject permissions to the client, but always use version 1 to get the right object: if other versions exist, they must have been created by crackers.

Using temp bucket only for client upload

  1. create a temp bucket used only by the client;
  2. give the client only the putObject permission on it;
  3. set a lifecycle rule with a short expiry;
  4. every time the client creates an object, we move it to the production bucket and choose another unique key for it;
  5. the client doesn't have any permissions on the production bucket.
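The five steps above as a sketch, added here as an example and not code from the original post. The bucket names, the uploads/ key prefix and the in-memory FakeS3 stand-in are assumptions; with boto3 installed, boto3.client("s3") can be passed to promote() instead.

```python
import uuid

# Assumed bucket names for illustration (not from the original post).
TEMP_BUCKET = "example-upload-temp"
PROD_BUCKET = "example-production"

def client_policy(temp_bucket=TEMP_BUCKET):
    """Steps 1, 2, 5: the client may only PutObject into the temp bucket."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Action": "s3:PutObject",
        "Resource": "arn:aws:s3:::%s/*" % temp_bucket}]}

def lifecycle_rules(days=1):
    """Step 3: expire whatever is left in the temp bucket after `days`."""
    return {"Rules": [{"ID": "expire-temp-uploads", "Status": "Enabled",
                       "Filter": {"Prefix": ""},
                       "Expiration": {"Days": days}}]}

def promote(s3, temp_key, temp_bucket=TEMP_BUCKET, prod_bucket=PROD_BUCKET):
    """Step 4: server-side move to production under a server-chosen key.

    `s3` needs boto3's copy_object/delete_object, e.g. boto3.client("s3")
    created with server credentials that the mobile client never holds.
    """
    # The key is random and never derived from client input, so an upload
    # can neither target nor overwrite an existing production object.
    prod_key = "uploads/%s" % uuid.uuid4().hex
    s3.copy_object(Bucket=prod_bucket, Key=prod_key,
                   CopySource={"Bucket": temp_bucket, "Key": temp_key})
    s3.delete_object(Bucket=temp_bucket, Key=temp_key)
    return prod_key

class FakeS3(object):
    """Constructed in-memory stand-in for the S3 client, for offline runs."""
    def __init__(self):
        self.objects = {}  # (bucket, key) -> bytes
    def copy_object(self, Bucket, Key, CopySource):
        src = (CopySource["Bucket"], CopySource["Key"])
        self.objects[(Bucket, Key)] = self.objects[src]
    def delete_object(self, Bucket, Key):
        self.objects.pop((Bucket, Key), None)

if __name__ == "__main__":
    s3 = FakeS3()
    s3.objects[(TEMP_BUCKET, "photo.jpg")] = b"v1"  # constructed sample upload
    first = promote(s3, "photo.jpg")
    s3.objects[(TEMP_BUCKET, "photo.jpg")] = b"tampered"  # same key re-uploaded
    second = promote(s3, "photo.jpg")
    print(first != second, s3.objects[(PROD_BUCKET, first)])
```

Until promote() runs, an object in the temp bucket can still be overwritten with the same putObject permission, so only the production copy should be treated as write-once.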



Use parse for push notification


  1. use an empty string ('') for broadcast notifications;
  2. use a custom key (user_unique_id) for direct notifications.

When the user first launches the app, we bind the broadcast channel so the user gets app-level notifications. When the user logs in, we bind the custom channel based on the user id, to send notifications only to this user. When the user logs out, we need to unbind the custom channel to make sure the user will not get any direct notifications but can still get app-level notifications. If the user uninstalls the app, Parse handles this, and app-level notifications will no longer be sent to that device.


About json format

We always want JSON data to be pretty-printed, and there are a lot of ways to achieve this.

online web service

JSON formatter and validator

chrome console

Right click and choose 'Inspect Element', or press ALT + COMMAND + I, to open the Chrome console. Write your JSON data and assign it to a variable; you can then work with it as a dict.


read data from input:

    echo '{"test":1,"test2":2}' | python -mjson.tool

retrieve selected data (in this case the value of "test"):

    echo '{"test":1,"test2":2}' | python -c 'import sys,json; data=json.loads(sys.stdin.read()); print(data["test"])'

if the JSON data is in a file:

    python -mjson.tool filename.json

in python code

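use system command

    def print_json(data):
        import subprocess
        # Pass the JSON on stdin instead of interpolating it into a shell
        # string, so quotes or shell metacharacters in it cannot run commands.
        proc = subprocess.Popen(["python", "-mjson.tool"], stdin=subprocess.PIPE)
        proc.communicate(data.encode("utf-8"))

use json lib

    import json
    # content is the JSON text to pretty-print
    print(json.dumps(json.loads(content), indent=4, ensure_ascii=False))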