how to upload to s3 bucket a url image

In web and mobile applications, information technology's common to provide users with the ability to upload data. Your awarding may let users to upload PDFs and documents, or media such as photos or videos. Every modern web server technology has mechanisms to let this functionality. Typically, in the server-based environment, the process follows this period:

1. The user uploads the file to the awarding server.
2. The application server saves the upload to a temporary space for processing.
3. The application transfers the file to a database, file server, or object store for persistent storage.

While the process is simple, it can take significant side-furnishings on the operation of the web-server in busier applications. Media uploads are typically large, so transferring these can correspond a large share of network I/O and server CPU fourth dimension. Y'all must also manage the land of the transfer to ensure that the entire object is successfully uploaded, and manage retries and errors.

This is challenging for applications with spiky traffic patterns. For case, in a web application that specializes in sending holiday greetings, it may feel almost traffic only around holidays. If thousands of users attempt to upload media effectually the same time, this requires you to scale out the application server and ensure that in that location is sufficient network bandwidth available.

Past directly uploading these files to Amazon S3, you lot can avoid proxying these requests through your awarding server. This can significantly reduce network traffic and server CPU usage, and enable your application server to handle other requests during busy periods. S3 also is highly available and durable, making it an ideal persistent store for user uploads.

In this blog post, I walk through how to implement serverless uploads and show the benefits of this approach. This design is used in the Happy Path web application. You can download the code from this web log post in this GitHub repo.

Overview of serverless uploading to S3

When you upload directly to an S3 saucepan, you must kickoff request a signed URL from the Amazon S3 service. You lot can and then upload directly using the signed URL. This is two-step process for your application front stop:

1. Call an Amazon API Gateway endpoint, which invokes the getSignedURL Lambda function. This gets a signed URL from the S3 bucket.
2. Straight upload the file from the application to the S3 bucket.

To deploy the S3 uploader instance in your AWS business relationship:

1. Navigate to the S3 uploader repo and install the prerequisites listed in the README.md.
2. In a terminal window, run:
   git clone https://github.com/aws-samples/amazon-s3-presigned-urls-aws-sam
cd amazon-s3-presigned-urls-aws-sam
sam deploy --guided

3. At the prompts, enter s3uploader for Stack Proper name and select your preferred Region. Once the deployment is complete, annotation the APIendpoint output.The API endpoint value is the base URL. The upload URL is the API endpoint with /uploads appended. For example: https://ab123345677.execute-api.us-west-2.amazonaws.com/uploads.

Testing the application

I show ii ways to test this application. The first is with Postman, which allows yous to directly call the API and upload a binary file with the signed URL. The second is with a basic frontend application that demonstrates how to integrate the API.

To examination using Postman:

1. Get-go, copy the API endpoint from the output of the deployment.
2. In the Postman interface, paste the API endpoint into the box labeled Enter asking URL.
3. Choose Send.
4. Later on the request is complete, the Body section shows a JSON response. The uploadURL attribute contains the signed URL. Copy this attribute to the clipboard.
5. Select the + icon adjacent to the tabs to create a new asking.
6. Using the dropdown, modify the method from GET to PUT. Paste the URL into the Enter request URL box.
7. Choose the Body tab, then the binary radio button.
8. Choose Select file and choose a JPG file to upload.
   Cull Transport. Yous see a 200 OK response later the file is uploaded.
9. Navigate to the S3 console, and open the S3 bucket created past the deployment. In the bucket, y'all encounter the JPG file uploaded via Postman.

To test with the sample frontend application:

1. Copy index.html from the example's repo to an S3 bucket.
2. Update the object's permissions to brand information technology publicly readable.
3. In a browser, navigate to the public URL of index.html file.
4. Select Choose file and and then select a JPG file to upload in the file picker. Cull Upload prototype. When the upload completes, a confirmation message is displayed.
5. Navigate to the S3 panel, and open the S3 bucket created by the deployment. In the bucket, y'all come across the 2d JPG file y'all uploaded from the browser.

Understanding the S3 uploading process

When uploading objects to S3 from a web application, you must configure S3 for Cross-Origin Resource Sharing (CORS). CORS rules are divers as an XML certificate on the bucket. Using AWS SAM, you can configure CORS equally part of the resource definition in the AWS SAM template:

                      S3UploadBucket:     Type: AWS::S3::Bucket     Properties:       CorsConfiguration:         CorsRules:         - AllowedHeaders:             - "*"           AllowedMethods:             - GET             - PUT             - Head           AllowedOrigins:             - "*"                  

The preceding policy allows all headers and origins – information technology'due south recommended that you use a more restrictive policy for product workloads.

In the first step of the process, the API endpoint invokes the Lambda function to brand the signed URL asking. The Lambda function contains the following code:

          const AWS = require('aws-sdk') AWS.config.update({ region: process.env.AWS_REGION }) const s3 = new AWS.S3() const URL_EXPIRATION_SECONDS = 300  // Main Lambda entry betoken exports.handler = async (event) => {   return await getUploadURL(event) }  const getUploadURL = async function(upshot) {   const randomID = parseInt(Math.random() * 10000000)   const Fundamental = `${randomID}.jpg`    // Get signed URL from S3   const s3Params = {     Bucket: procedure.env.UploadBucket,     Primal,     Expires: URL_EXPIRATION_SECONDS,     ContentType: 'prototype/jpeg'   }   const uploadURL = look s3.getSignedUrlPromise('putObject', s3Params)   return JSON.stringify({     uploadURL: uploadURL,     Fundamental   }) }                  

This function determines the name, or fundamental, of the uploaded object, using a random number. The s3Params object defines the accepted content type and also specifies the expiration of the primal. In this instance, the key is valid for 300 seconds. The signed URL is returned as role of a JSON object including the key for the calling application.

The signed URL contains a security token with permissions to upload this single object to this bucket. To successfully generate this token, the code calling getSignedUrlPromise must have s3:putObject permissions for the bucket. This Lambda role is granted the S3WritePolicy policy to the saucepan by the AWS SAM template.

The uploaded object must lucifer the same file name and content type as defined in the parameters. An object matching the parameters may be uploaded multiple times, providing that the upload procedure starts before the token expires. The default expiration is 15 minutes simply yous may want to specify shorter expirations depending upon your use instance.

One time the frontend application receives the API endpoint response, it has the signed URL. The frontend application so uses the PUT method to upload binary data directly to the signed URL:

          let blobData = new Hulk([new Uint8Array(array)], {type: 'prototype/jpeg'}) const result = await fetch(signedURL, {   method: 'PUT',   trunk: blobData })                  

At this point, the caller application is interacting straight with the S3 service and not with your API endpoint or Lambda function. S3 returns a 200 HTML status code once the upload is complete.

For applications expecting a large number of user uploads, this provides a simple way to offload a big corporeality of network traffic to S3, away from your backend infrastructure.

Adding authentication to the upload process

The electric current API endpoint is open, available to any service on the internet. This means that anyone tin upload a JPG file one time they receive the signed URL. In almost production systems, developers want to use authentication to command who has admission to the API, and who can upload files to your S3 buckets.

You can restrict access to this API by using an authorizer. This sample uses HTTP APIs, which back up JWT authorizers. This allows you to command access to the API via an identity provider, which could be a service such every bit Amazon Cognito or Auth0.

The Happy Path application only allows signed-in users to upload files, using Auth0 as the identity provider. The sample repo contains a second AWS SAM template, templateWithAuth.yaml, which shows how y'all tin can add an authorizer to the API:

                      MyApi:     Type: AWS::Serverless::HttpApi     Properties:       Auth:         Authorizers:           MyAuthorizer:             JwtConfiguration:               issuer: !Ref Auth0issuer               audience:                 - https://auth0-jwt-authorizer             IdentitySource: "$request.header.Authorization"         DefaultAuthorizer: MyAuthorizer                  

Both the issuer and audience attributes are provided by the Auth0 configuration. Past specifying this authorizer every bit the default authorizer, information technology is used automatically for all routes using this API. Read part 1 of the Inquire Around Me serial to acquire more about configuring Auth0 and authorizers with HTTP APIs.

Later on hallmark is added, the calling web awarding provides a JWT token in the headers of the request:

          const response = expect axios.get(API_ENDPOINT_URL, {   headers: {     Authorization: `Bearer ${token}`         } })                  

API Gateway evaluates this token earlier invoking the getUploadURL Lambda role. This ensures that only authenticated users can upload objects to the S3 bucket.

Modifying ACLs and creating publicly readable objects

In the current implementation, the uploaded object is non publicly accessible. To make an uploaded object publicly readable, y'all must gear up its access control list (ACL). At that place are preconfigured ACLs available in S3, including a public-read option, which makes an object readable by anyone on the cyberspace. Ready the appropriate ACL in the params object before calling s3.getSignedUrl:

          const s3Params = {   Saucepan: procedure.env.UploadBucket,   Key,   Expires: URL_EXPIRATION_SECONDS,   ContentType: 'image/jpeg',   ACL: 'public-read' }                  

Since the Lambda part must have the appropriate bucket permissions to sign the request, you must also ensure that the function has PutObjectAcl permission. In AWS SAM, y'all tin can add the permission to the Lambda function with this policy:

                      - Statement:           - Result: Allow             Resource: !Sub 'arn:aws:s3:::${S3UploadBucket}/'             Action:               - s3:putObjectAcl                  

Decision

Many spider web and mobile applications let users to upload data, including large media files similar images and videos. In a traditional server-based awarding, this tin create heavy load on the application server, and also use a considerable amount of network bandwidth.

By enabling users to upload files to Amazon S3, this serverless pattern moves the network load away from your service. This can make your application much more scalable, and capable of treatment spiky traffic.

This web log post walks through a sample awarding repo and explains the process for retrieving a signed URL from S3. Information technology explains how to the test the URLs in both Postman and in a web application. Finally, I explain how to add hallmark and make uploaded objects publicly attainable.

To larn more than, encounter this video walkthrough that shows how to upload directly to S3 from a frontend web application. For more than serverless learning resources, visit https://serverlessland.com.

avilabagall.blogspot.com

Source: https://aws.amazon.com/blogs/compute/uploading-to-amazon-s3-directly-from-a-web-or-mobile-application/

Share this post