Tuesday, June 14, 2022

AWS - pre-signed URL as inbound/outbound

 

Basic Architecture





Prerequisites / Resources

  • S3 Bucket

  • IAM role/policy

  • Lambda Function (Python)

  • API Gateway

  • Postman (testing purpose)

Lambda function acting as the endpoint for API Gateway

    import boto3
    from botocore.client import Config


    def lambda_handler(event, context):
        print("event: ", event)

        # Step 1: connect to S3 using boto3 (SigV4 signing)
        try:
            s3Client = boto3.client("s3", config=Config(signature_version="s3v4"))
        except Exception as e:
            print("error creating S3 client: ", e)
            return {
                "status_code": 400,
                "error": 0
            }

        # Step 2: prepare params (all three are taken from the caller's request)
        bucket_name = event.get("bucket_name")
        file_key = event.get("file_key")
        action = event.get("action")

        # Step 3: generate the pre-signed URL, valid for 180 seconds.
        # Any action other than "upload" produces a get_object (download) URL.
        try:
            URL = s3Client.generate_presigned_url(
                "put_object" if action == "upload" else "get_object",
                Params={"Bucket": bucket_name, "Key": file_key},
                ExpiresIn=180)

            return {
                "status_code": 200,
                "url": URL,
                "event": event
            }
        except Exception as e:
            print("error generating pre-signed URL: ", e)
            return {
                "status_code": 400,
                "error": 0
            }

Create the lambdaAccessS3Bucket policy, then create a role and attach this policy to it

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "s3:PutObject",
                    "s3:GetObject"
                ],
                "Resource": "arn:aws:s3:::bucket_name/*"
            }
        ]
    }
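A stricter variant of the handler above, added here as an example and not part of the original post: it allowlists the action instead of defaulting to get_object, ignores any caller-supplied bucket_name in favour of the single bucket the policy grants, and constrains file_key to one prefix. The PRESIGN_BUCKET environment variable, the "uploads/" prefix, the "download" action name and the optional s3_client parameter are assumptions made for this example.

```python
import os

# Assumed names (not from the original post): the bucket comes from a Lambda
# environment variable and every object lives under one key prefix.
BUCKET = os.environ.get("PRESIGN_BUCKET", "example-bucket")
KEY_PREFIX = "uploads/"
ACTIONS = {"upload": "put_object", "download": "get_object"}
EXPIRES_IN = 180  # seconds, same lifetime as the handler above


def validate_request(event):
    """Return (client_method, object_key) or raise ValueError for a bad request."""
    action = event.get("action")
    if action not in ACTIONS:
        # The original handler falls back to get_object for any unknown action.
        raise ValueError("action must be 'upload' or 'download'")
    file_key = event.get("file_key")
    if not isinstance(file_key, str) or not file_key or len(file_key) > 512:
        raise ValueError("file_key must be a non-empty string")
    if "\\" in file_key or any(ord(c) < 32 for c in file_key):
        raise ValueError("file_key contains disallowed characters")
    # S3 treats keys as opaque strings, but tools that later map keys to file
    # paths may not, so reject empty, "." and ".." path segments.
    if any(part in ("", ".", "..") for part in file_key.split("/")):
        raise ValueError("file_key must be a normalised relative path")
    return ACTIONS[action], KEY_PREFIX + file_key


def lambda_handler(event, context, s3_client=None):
    try:
        method, key = validate_request(event)
    except ValueError as exc:
        return {"status_code": 400, "error": str(exc)}
    if s3_client is None:  # a stub client can be injected for offline testing
        import boto3
        from botocore.client import Config
        s3_client = boto3.client("s3", config=Config(signature_version="s3v4"))
    url = s3_client.generate_presigned_url(
        method, Params={"Bucket": BUCKET, "Key": key}, ExpiresIn=EXPIRES_IN)
    return {"status_code": 200, "url": url}
```

With the key prefix fixed in code, the policy's Resource can be narrowed to the same prefix under the bucket.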

