skip to Main Content

I have a long and still growing policy within one of my S3 buckets. I want to check the total length to see, if the policy may hit the 20KB hard limit of AWS anytime soon.

I did following in my js console:

policy = <text copied from s3 bucket policy>
JSON.stringify(policy).length
> 28941

The policy works even though I should be over the limit. How can this be? How can I reliably check the policy size in an AWS approved manner and see, how many characters are still left?

I did following:

  • checked the AWS docs
  • counted the characters myself

2

Answers


  1. I am not aware of any S3 API that can simply return the size of a bucket policy.

    You can compute the size of a bucket policy as a JSON object, just like any other JSON object. It looks like you are using JavaScript. In JavaScript, the length property of a string contains the length of the string in UTF-16 code units, not the size of the string in bytes.

    Getting the size of a JSON object depends on the JS runtime you are using. For example, if you are using node.js or a modern browser, you can convert your JSON to an Uint8Array and infer the size from the length of that array (in Uint8Array each item is a 1 byte unsigned integer).

    const obj = JSON.stringify(myJson);
    const arr = new TextEncoder().encode(obj); // returns Uint8Array containing UTF-8 encoded text.
    const sizeInBytes = arr.length;
    const sizeInKB = arr.length / 1024;
    
    Login or Signup to reply.
  2. After contacting AWS support on this it turned out that:

    1. 20kB policy size limit is still valid and enforced.
    2. AWS is doing some policy normalizations which reduce the total size of the policy, so the total size of the policy in characters may be bigger then what JSON.stringify(policy) may report.
    3. To my understanding there are no means to calculate the size of the normalized policy besides contacting AWS S3 support. If JSON.stringify(policy).length < 20kB then you are safe, else consider a workaround soon.
    4. Using multiple S3 Access Points is one of the ways how to bypass the policy size limits.
    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search