Last updated on April 11, 2025
Building applications requires extensive planning, ranging from UI design and data flow to database interactions. However, one of the most crucial aspects is figuring out how to allow users to save files such as images, PDFs, and videos securely and reliably within our application. Fortunately, AWS offers a robust and scalable service for handling file storage: Amazon Simple Storage Service (S3). Nevertheless, the real challenge lies in controlling how users upload and download their files. While Amazon S3 is simple to use, it’s essential to ensure that the interactions between our application and S3 are reliable, fast, and secure. Therefore, today, we will learn how to manage file uploads and downloads using S3 Presigned URLs, just as AWS recommends to ensure a seamless and secure experience for both developers and users.
What is a Presigned URL?
A presigned URL is a temporary, secure link that lets users upload files to or download files from S3 directly, without needing AWS credentials. The backend generates the link, sets an expiration, and sends it to the user. It's secure, efficient, and server-friendly. Let's discuss how presigned URLs make file uploads and downloads secure, reliable, and scalable.
Secure
You can limit access to specific files for a short time and allow only certain actions, such as uploading or downloading. Once the URL expires, no one can use it anymore, which keeps your data secure and ensures only authorized users have access. Until it expires, the URL itself is the credential, so hand it only to the user it was generated for.
Fast
Uploads go directly to S3, bypassing the backend, which reduces latency and speeds up the process. The difference is most noticeable with larger files, since the server isn't handling the file transfer and doesn't get bogged down with upload traffic. You can also combine presigned URLs with multipart upload, which makes uploads faster still because the file is split into smaller chunks that are uploaded in parallel.
Cost-Effective
Offloading uploads and downloads from your backend to Amazon S3 saves precious server resources and bandwidth, which lowers operating costs and makes this approach more affordable than handling everything through your server.
User-Friendly
Presigned URLs are easy to implement and integrate well with both web and mobile apps. Users don't need AWS credentials to upload or download files, and the process is as smooth as a regular upload.
How Do Others Handle File Uploads and Downloads?
In all honesty, you can implement file uploads and downloads in your application however you like. Let's dive into some of the common implementations and discuss their advantages and risks.
| Method | Flow | Advantages | Disadvantages |
| --- | --- | --- | --- |
| Backend Upload | Frontend sends the file(s) to the backend, then the backend uploads them to S3. | Centralized control and easy to implement. | High server load; can slow down if the file to upload/download is large. Hard to scale. |
| Public S3 Bucket | Frontend uploads/downloads directly via a public S3 URL. | Quick setup. | No access control. Anyone can view and edit the files. Major potential security risk. |
| Embedded AWS Credentials | Frontend with hardcoded credentials. | Direct S3 access from the frontend. | Exposes AWS account credentials, which is against best practices. |
| Presigned URLs | Frontend uploads/downloads files via a time-limited S3 presigned URL. | Temporary access, no credentials exposed, and reliable. | Needs slightly more setup and needs the server to generate a URL. |
Demo Time! Let’s look into a simple implementation with Node
To implement simple logic for creating presigned URLs for uploading and downloading, we will use the official AWS SDK for Node. For Python, use the official SDK, Boto3; for other languages such as Go, check the documentation here: AWS Developer Tools.
To get started, let's download the needed dependencies:
- Install @aws-sdk/client-s3, which allows us to interact directly with the S3 service
- Install @aws-sdk/s3-request-presigner, which will be used to help us sign URLs
Next is the Node.js code to generate a presigned URL, upload via the URL, and download via the URL.
Lastly, you can simply run the script or integrate it into your API, but for now let's upload a simple text file, secret-recipe.txt, to S3 using our code and the generated presigned URL, then finally download it via a presigned URL.
Here we have an S3 bucket with no public access and no files.
For context, the text file contains the secret recipe for Adobo.
Running the script logs the presigned URL to the console, shows the HTTP request, and tells you whether it worked. Here is what the bucket looks like after a successful upload: the script created a path prefix called uploads/ and uploaded the file inside that prefix, which acts like a folder.
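To make concrete what a presigned URL commits to, the following added example (not the post's script and not AWS SDK code) builds a SigV4 query-signed S3 URL with only Node's crypto module, then re-checks it the way a verifier would, so you can see that changing the HTTP method, object key, or expiry invalidates the signature. The helper names signature, presign and check are hypothetical, and the credentials, bucket and region are constructed placeholders; in an application you would call getSignedUrl from @aws-sdk/s3-request-presigner instead.

```javascript
const nodeCrypto = require('node:crypto');
const hmac = (key, data) => nodeCrypto.createHmac('sha256', key).update(data).digest();
const sha256Hex = (s) => nodeCrypto.createHash('sha256').update(s).digest('hex');
// SigV4 wants RFC 3986 encoding; encodeURIComponent leaves !'()* unescaped.
const enc = (s) => encodeURIComponent(s).replace(/[!'()*]/g, (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase());
const encPath = (key) => '/' + key.split('/').map(enc).join('/');

// The signature covers the method, object path, host and every X-Amz-* parameter.
function signature(creds, method, host, key, query) {
  const canonicalQuery = Object.keys(query).sort().map((k) => `${enc(k)}=${enc(query[k])}`).join('&');
  const canonicalRequest = [method, encPath(key), canonicalQuery,
    `host:${host}\n`, 'host', 'UNSIGNED-PAYLOAD'].join('\n');
  const [, date, region] = query['X-Amz-Credential'].split('/');
  const stringToSign = ['AWS4-HMAC-SHA256', query['X-Amz-Date'],
    `${date}/${region}/s3/aws4_request`, sha256Hex(canonicalRequest)].join('\n');
  const signingKey = [date, region, 's3', 'aws4_request']
    .reduce((k, part) => hmac(k, part), 'AWS4' + creds.secretAccessKey);
  return hmac(signingKey, stringToSign).toString('hex');
}

function presign(creds, { method, bucket, region, key, expiresIn, now = new Date() }) {
  const amzDate = now.toISOString().replace(/[-:]|\.\d{3}/g, ''); // YYYYMMDDTHHMMSSZ
  const host = `${bucket}.s3.${region}.amazonaws.com`;
  const query = {
    'X-Amz-Algorithm': 'AWS4-HMAC-SHA256',
    'X-Amz-Credential': `${creds.accessKeyId}/${amzDate.slice(0, 8)}/${region}/s3/aws4_request`,
    'X-Amz-Date': amzDate,
    'X-Amz-Expires': String(expiresIn),
    'X-Amz-SignedHeaders': 'host',
  };
  query['X-Amz-Signature'] = signature(creds, method, host, key, query);
  return `https://${host}${encPath(key)}?` + Object.keys(query).map((k) => `${enc(k)}=${enc(query[k])}`).join('&');
}

// Recompute the signature for the request as received, then check the lifetime.
function check(creds, method, url, now) {
  const u = new URL(url);
  const { 'X-Amz-Signature': given, ...query } = Object.fromEntries(u.searchParams);
  const key = decodeURIComponent(u.pathname.slice(1));
  if (given !== signature(creds, method, u.host, key, query)) return 'signature-mismatch';
  const issued = Date.parse(query['X-Amz-Date'].replace(/^(\d{4})(\d{2})(\d{2})T(\d{2})(\d{2})(\d{2})Z$/, '$1-$2-$3T$4:$5:$6Z'));
  return now.getTime() > issued + Number(query['X-Amz-Expires']) * 1000 ? 'expired' : 'valid';
}

// Constructed placeholder credentials, bucket and region; not real values.
const creds = { accessKeyId: 'AKIAEXAMPLEEXAMPLE00', secretAccessKey: 'constructed-secret' };
const putUrl = presign(creds, { method: 'PUT', bucket: 'example-bucket', region: 'us-east-1',
  key: 'uploads/secret-recipe.txt', expiresIn: 300 });
console.log(check(creds, 'PUT', putUrl, new Date()), check(creds, 'GET', putUrl, new Date()));
```

Because the expiry and object key are inside the signed query string, the practical controls left to the backend are a short expiresIn and a server-chosen key rather than one taken verbatim from the client.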
Conclusion
As engineers, we need to make sure that we offer a seamless user experience while also ensuring the security of our files and maintaining reliability, especially for applications that require object/file storage. In this regard, Amazon S3 is a powerful tool that fully supports us. However, simply using it without following the recommended best practices for interaction can expose us to potential risks and disadvantages since there are a lot of methods we can choose for handling file uploads and downloads. Therefore, it’s crucial to adhere to these best practices. In conclusion, AWS aims to provide us with the best tools and experiences to build our million-dollar ideas. More importantly, AWS helps us create applications that are both secure and scalable ensuring we meet our goals. One key step in achieving this is using presigned URLs to improve security and streamline our workflows.