AWS Lambda Presigned URLs for Uploading to S3

In modern cloud - based applications, handling file uploads efficiently is a common requirement. Amazon Web Services (AWS) provides a powerful combination of AWS Lambda and Amazon S3 to achieve this. AWS Lambda is a serverless computing service that allows you to run code without provisioning or managing servers. Amazon S3 is an object storage service offering industry - leading scalability, data availability, security, and performance. A presigned URL is a URL that gives temporary access to an S3 object. By using AWS Lambda to generate presigned URLs for S3 uploads, you can enable clients to directly upload files to S3 without going through your application server, reducing the load on your server and enhancing the overall performance of your application.

Table of Contents#

  1. Core Concepts
    • AWS Lambda
    • Amazon S3
    • Presigned URLs
  2. Typical Usage Scenarios
    • Mobile Applications
    • Web Applications
    • IoT Devices
  3. Common Practice
    • Prerequisites
    • Generating a Presigned URL in AWS Lambda
    • Client - side Upload Using the Presigned URL
  4. Best Practices
    • Security Considerations
    • Error Handling
    • Performance Optimization
  5. Conclusion
  6. FAQ
  7. References

Article#

Core Concepts#

AWS Lambda#

AWS Lambda is a serverless compute service that lets you run your code without provisioning or managing servers. You can write your code in various programming languages such as Python, Node.js, Java, etc. Lambda functions are event - driven, which means they are triggered by specific events like an HTTP request, a new record in a DynamoDB table, or a file upload to S3.

Amazon S3#

Amazon S3 is a highly scalable object storage service. It provides a simple web service interface that you can use to store and retrieve any amount of data, at any time, from anywhere on the web. S3 stores data as objects within buckets. Each object consists of a file and optional metadata.

Presigned URLs#

A presigned URL is generated by an AWS account with appropriate permissions. It contains a signature that is valid for a specified period. When a client uses a presigned URL, AWS verifies the signature and the expiration time. If the signature is valid and the URL has not expired, AWS allows the client to perform the action (in this case, upload a file) on the specified S3 object.

Typical Usage Scenarios#

Mobile Applications#

Mobile apps often need to upload user - generated content such as photos, videos, or documents. Instead of sending the files through the app server, using presigned URLs allows the app to directly upload files to S3. This reduces the latency and bandwidth usage of the app server.

Web Applications#

Web applications can also benefit from presigned URLs. For example, an e - commerce website where sellers can upload product images. By using presigned URLs, the website can offload the file upload process from its application servers, improving the overall performance and scalability.

IoT Devices#

IoT devices may need to upload sensor data or other types of information to the cloud. Since IoT devices may have limited processing power and bandwidth, direct upload to S3 using presigned URLs can be a more efficient solution.

Common Practice#

Prerequisites#

  • An AWS account.
  • AWS CLI configured with appropriate permissions to access Lambda and S3.
  • Basic knowledge of a programming language supported by AWS Lambda (e.g., Python or Node.js).

Generating a Presigned URL in AWS Lambda#

Here is an example of generating a presigned URL for S3 upload using Python in AWS Lambda:

import boto3
import os
 
s3_client = boto3.client('s3')
 
def lambda_handler(event, context):
    bucket_name = os.environ.get('BUCKET_NAME')
    object_name = event.get('object_name')
    expiration = 3600  # URL valid for 1 hour
 
    try:
        presigned_url = s3_client.generate_presigned_url(
            'put_object',
            Params={'Bucket': bucket_name, 'Key': object_name},
            ExpiresIn=expiration
        )
        return {
            'statusCode': 200,
            'body': {'presigned_url': presigned_url}
        }
    except Exception as e:
        return {
            'statusCode': 500,
            'body': {'error': str(e)}
        }

Client - side Upload Using the Presigned URL#

On the client - side (e.g., in a JavaScript - based web application), you can use the following code to upload a file using the presigned URL:

const file = document.getElementById('fileInput').files[0];
const presignedUrl = 'YOUR_PRESIGNED_URL';
 
fetch(presignedUrl, {
    method: 'PUT',
    body: file
})
.then(response => {
    if (response.ok) {
        console.log('File uploaded successfully');
    } else {
        console.error('File upload failed');
    }
})
.catch(error => {
    console.error('Error:', error);
});

Best Practices#

Security Considerations#

  • Limit the URL expiration time: Set a reasonable expiration time for the presigned URL to minimize the risk of unauthorized access.
  • Use HTTPS: Always use HTTPS for both the presigned URL and the client - side communication to ensure data integrity and confidentiality.
  • Validate the object key: On the server - side, validate the object key to prevent malicious users from overwriting existing objects or accessing restricted parts of the bucket.

Error Handling#

  • Server - side: In your Lambda function, handle errors gracefully and return appropriate error messages to the client.
  • Client - side: Implement proper error handling in the client - side code to inform the user about any upload failures.

Performance Optimization#

  • Parallelize uploads: If possible, allow clients to upload multiple files in parallel to improve the overall upload speed.
  • Compress files: Compress files before uploading to reduce the amount of data transferred.

Conclusion#

Using AWS Lambda to generate presigned URLs for S3 uploads is a powerful and efficient way to handle file uploads in cloud - based applications. It reduces the load on application servers, improves performance, and enhances scalability. By understanding the core concepts, typical usage scenarios, common practices, and best practices, software engineers can effectively implement this solution in their projects.

FAQ#

Q: Can I use presigned URLs for downloading files from S3? A: Yes, you can generate presigned URLs for both uploading and downloading files from S3. The process is similar, but you need to use the get_object operation when generating the URL.

Q: What happens if the presigned URL expires during the upload? A: If the presigned URL expires during the upload, the upload will fail. You should handle this situation on the client - side by requesting a new presigned URL from the server.

Q: Are there any limitations on the file size when using presigned URLs? A: There is no specific limitation on the file size imposed by the presigned URL mechanism. However, S3 has its own limits, and you may also need to consider the bandwidth and processing capabilities of the client and the network.

References#

2025-10