Java - act as a middleman for file upload to S3

Question

I am trying to figure out the simplest method for allowing clients to upload media (photos and video) to my S3 bucket, without giving them direct access, or using pre-signed URLs.

The idea is that I don't want any kind of media processing to occur, the only thing that I am interested in is to shield the S3 bucket from direct contact with the clients, and record information about the files being uploaded (such as size, type etc.).

Do you have any ideas on how this architecture might be implemeted in a simple way?

Answer 1

Uploading from a mobile app

To upload a file from a mobile application to Amazon S3:

• In your back-end, use the AWS Security Token Service to generate temporary credentials
• Pass the credentials to your mobile app
• The mobile app can then call AWS APIs

The temporary credentials can be granted a limited set of permissions (eg upload to a specific bucket and path) and are valid only for a limited duration, up to one hour. This is good security practice because no permanent credentials are kept on the mobile device.

Uploading from a web page

Use a browser-based upload via an HTML form. This allows a form in an HTML page to securely upload directly the Amazon S3 -- even to private folders. It uses a signed policy to define the permitted action (eg upload to a specific location, up to a certain file size, using a particular permission set).

The form can be static -- no need to recalculate signatures for every individual file to be uploaded.

See: Authenticating Requests in Browser-Based Uploads Using POST