I've got a small web application that's starting to get more users, and now I need to implement a way for users to upload files. I'm not really an expert in this area, but one option I was considering is using Amazon S3. I've heard about pre-signed URLs as a method for file uploads, but I'm unsure if that's the best approach. Should I create a front-end button and hide the S3 logic behind it? I'm really looking for some advice and recommendations on the best way to manage file uploads. Thanks in advance!
5 Answers
Consider your security needs. Are the files going to be publicly available? If not, managing access is crucial.
You'll need a server-side component to compute those pre-signed URLs. A Lambda function can work great for this and keeps things tidy on the backend.
Using pre-signed URLs is definitely the way to go! They allow your backend to securely create a temporary link for users to upload files directly to S3 without exposing your credentials. Just make sure that the pre-signed URLs are generated server-side for security purposes.
Absolutely use pre-signed URLs generated on the server to secure uploads and limit usage. When the files are uploaded to S3, avoid using it directly to deliver files because of potential costs; consider using a CDN like CloudFront with pre-signed URLs for distribution instead.
If you choose the pre-signed URL method, make sure not to store your S3 access credentials in the frontend of your app. Everything related to generating the pre-signed URLs should be handled in your backend or a Lambda function to ensure safety and security.
Even better: You can use pre-signed uploads through CloudFront. This keeps the S3 bucket completely hidden and everything is delivered under your own domain name.