In this blog post, I will be walking through the steps as to how we can utilize the presigned url feature to upload files into AWS S3. Serverless will be used to spin up the necessary AWS resources for this post.
Why do we need a Presigned URL in the first place?
Presigned URL can be used in an instance such as the customer/user wants to upload a file into an S3 bucket, of which he/she doesn’t have access privileges to do so. Hence this mechanism can be used as a secured way of allowing unauthorized users to perform upload/download, into or from S3. This releases the burden from the user’s perspective of having the AWS Credentials (accesskey + secretkey) in place to make the request. Presigned URL also comes with an expiration date and time, hence it can be used more than once till it burns out.
AWS CLI and Serverless must be configured. You can follow this, if you haven’t set it up already.
AWS Resources that we’ll need:
- an S3 Bucket
- an AWS Lambda Function
- an API Gateway endpoint
- Create the nodejs lambda function to generate the presigned url by using the S3 API. You can pick any language you want, I’ve used nodejs for testing purposes.
2. Create a serverless template to provision all the necessary AWS resources ( S3, Lambda Function and API Gateway) for our testing.
3. Deploy the serverless template into your AWS environment by going into the template location and executing the following command:
4. Verify whether the resources have been provisioned:
5. Make a GET request to the created API endpoint to retrieve the presigned url using Postman or any other HTTP client:
You’ll be able to see the returned presigned url as the response if the request was success.
6. The URL above can be used to upload a file into the designated s3 bucket as below
The original script can be found here. Please make sure to change the presigned url accordingly.
7. After updating the script with the received URL, try running the upload_file.js to see whether the file has got uploaded into the appropriate S3 bucket as an object. You may run the file as following:
8. Check your s3 bucket whether it has got uploaded:
As you can see the video file which I used, have got uploaded successfully.
That’s it. It’s simple as that. By using CORS, you can even secure your API calls even further. In that case, make sure to include only the allowed origins when creating the API Gateway within the serverless template. You can also edit the CORS configuration of the bucket as well, so that only specific API calls from that origin will be allowed to upload files into the S3 bucket.
Complete example can be found here.