Yes, this should be possible. What you need to do is create a signed policy file per-upload or per-user. That policy file, the signature, and some other data must be sent by the client program using a POST request to the bucket you’d like them to use. Amazon will examine the request, check that the parameters are within the limits of the policy file that accompanies the request, and then allow the post. Note that this policy should not be confused with the bucket policy. This is, in fact, a policy which could change per request if you wanted, and it is submitted by the client program (after the client program obtained a signed copy from you).