Access Images Stored on AWS S3

Amazon Simple Storage Service (AWS S3) is a highly scalable, durable, and secure object storage service offered by Amazon Web Services. It is widely used to store and retrieve a vast amount of data, including images. In this blog post, we will explore how software engineers can access images stored on AWS S3, covering core concepts, typical usage scenarios, common practices, and best practices.

Table of Contents#

  1. Core Concepts
  2. Typical Usage Scenarios
  3. Common Practices
  4. Best Practices
  5. Conclusion
  6. FAQ
  7. References

Core Concepts#

AWS S3 Basics#

  • Bucket: A bucket is a top - level container in AWS S3. It is used to organize and store objects. Buckets have a unique name globally across all AWS accounts. For example, you might create a bucket named my-image-bucket to store all your images.
  • Object: An object is a file stored in an S3 bucket. It consists of data, a key (which is the unique identifier within the bucket), and metadata. When storing an image, the image file is the object, and you assign a key like images/profile-picture.jpg.
  • Region: AWS S3 buckets are created in a specific AWS region. The region affects factors such as latency, availability, and cost. For instance, if your users are mainly in Europe, you might choose the eu - west - 1 region.

Access Control#

  • Bucket Policy: A bucket policy is a JSON - based access policy that you can attach to an S3 bucket. It can be used to grant or deny access to the bucket and its objects. For example, you can create a bucket policy to allow public read access to all images in a specific bucket.
  • IAM (Identity and Access Management): IAM is a service that enables you to manage access to AWS services. You can create IAM users, groups, and roles with specific permissions to access S3 buckets. For example, you can create an IAM role for an EC2 instance that allows it to read images from a particular S3 bucket.

Typical Usage Scenarios#

Web Applications#

  • E - commerce: In an e - commerce application, product images are often stored in AWS S3. When a user views a product page, the application fetches the relevant product image from the S3 bucket and displays it on the page.
  • Social Media: Social media platforms store user profile pictures and post images in S3. When a user's profile page is loaded, the application retrieves the user's profile picture from the S3 bucket.

Mobile Applications#

  • Photo - sharing apps: Mobile photo - sharing apps allow users to upload and view photos. The uploaded photos are stored in S3, and when a user wants to view a photo, the app accesses the photo from the S3 bucket.

Data Analytics#

  • Image processing: In data analytics projects involving image data, images are stored in S3. Analytics tools can then access these images from S3 for tasks such as image classification, object detection, etc.

Common Practices#

Using the AWS SDK#

  • Python: The AWS SDK for Python (Boto3) is a popular choice for accessing S3. Here is a simple example of how to download an image from an S3 bucket using Boto3:
import boto3
 
s3 = boto3.client('s3')
bucket_name = 'my-image-bucket'
key = 'images/profile-picture.jpg'
local_file_path = 'profile-picture.jpg'
 
s3.download_file(bucket_name, key, local_file_path)
  • Java: The AWS SDK for Java can also be used to access S3. Here is an example of how to get an object from an S3 bucket:
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3ClientBuilder;
import com.amazonaws.services.s3.model.S3Object;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
 
public class S3ImageAccess {
    public static void main(String[] args) {
        String bucketName = "my-image-bucket";
        String key = "images/profile-picture.jpg";
        String localFilePath = "profile-picture.jpg";
 
        AmazonS3 s3Client = AmazonS3ClientBuilder.defaultClient();
        S3Object s3Object = s3Client.getObject(bucketName, key);
        try (InputStream inputStream = s3Object.getObjectContent();
             OutputStream outputStream = new FileOutputStream(localFilePath)) {
            byte[] buffer = new byte[4096];
            int bytesRead;
            while ((bytesRead = inputStream.read(buffer)) != -1) {
                outputStream.write(buffer, 0, bytesRead);
            }
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
}

Presigned URLs#

  • A presigned URL is a URL that you can generate to grant temporary access to an S3 object. This is useful when you want to share an image with someone who does not have direct access to the S3 bucket. Here is an example of generating a presigned URL using Boto3:
import boto3
import datetime
 
s3 = boto3.client('s3')
bucket_name = 'my-image-bucket'
key = 'images/profile-picture.jpg'
expiration = datetime.timedelta(minutes=15)
presigned_url = s3.generate_presigned_url('get_object',
                                          Params={'Bucket': bucket_name, 'Key': key},
                                          ExpiresIn=expiration.total_seconds())
print(presigned_url)

Best Practices#

Security#

  • Encrypt Images: Use server - side encryption (SSE) to encrypt images stored in S3. You can choose between SSE - S3 (AWS - managed keys), SSE - KMS (AWS KMS - managed keys), or SSE - C (customer - provided keys).
  • Limit Access: Only grant the minimum necessary permissions to access the S3 bucket. Use IAM policies and bucket policies to restrict access to specific users, roles, or IP addresses.

Performance#

  • Use Caching: Implement caching mechanisms such as Amazon CloudFront in front of your S3 bucket. CloudFront can cache images at edge locations, reducing the latency for end - users.
  • Optimize Image Sizes: Before uploading images to S3, optimize their sizes. This can reduce the amount of data transferred and improve the performance of your application.

Cost Management#

  • Delete Unused Images: Regularly clean up unused images from your S3 bucket to avoid unnecessary storage costs.
  • Choose the Right Storage Class: AWS S3 offers different storage classes with different costs and performance characteristics. Choose the appropriate storage class based on your access patterns. For example, if you rarely access an image, you can use the S3 Glacier storage class.

Conclusion#

Accessing images stored on AWS S3 is a common requirement for many software applications. By understanding the core concepts, typical usage scenarios, common practices, and best practices, software engineers can effectively and securely access images stored in S3. Whether you are building a web application, a mobile app, or working on a data analytics project, AWS S3 provides a reliable and scalable solution for storing and retrieving images.

FAQ#

Q1: Can I make my S3 bucket public so that anyone can access the images?#

Yes, you can make a bucket public by creating a bucket policy that allows public read access. However, this should be done with caution, especially if the images contain sensitive information.

Q2: How long can a presigned URL be valid?#

The maximum validity period for a presigned URL is 7 days. You can set a shorter validity period depending on your requirements.

Q3: What happens if I run out of storage in my S3 bucket?#

AWS S3 is highly scalable, and you can continue to store data as long as you are willing to pay for the additional storage. There is no fixed limit on the amount of data you can store in an S3 bucket.

References#

2025-10