Should I use API gateway as a proxy to S3?

Question

I'm learning serverless architectures and currently reading this article on Martin Fowler's blog.

So I see this scheme and try to replace the abstract components with AWS solutions. I wonder if not using API gateway to control access to S3 a good idea (on the image the database no.2 is not using it). Martin speaks about Google Firebase and I'm not familiar with how it compares to S3.

https://martinfowler.com/articles/serverless/sps.svg

Is it a common strategy to expose S3 to client-side applications without configuring an API gateway as a proxy between them?

Answer 1

To answer your question - probably, yes.

But, you’ve made a mistake in selecting AWS services for the abstract in Martin’s blog. And you probably shouldn’t use S3 at all in the way you’re describing.

Instead of S3; you’ll want dynamoDB. You’ll also want to look at Cognito for auth.

Have a read of this after Martin’s article for how to apply what you’ve learned on AWS specific services https://aws.amazon.com/getting-started/hands-on/build-serverless-web-app-lambda-apigateway-s3-dynamodb-cognito/

Answer 2

Aws S3 is not a database, its an object storage service.

Making S3 bucket publicly accessible is possible but not recommended however, you can access its objects using the S3 API either via the CLI or the SDK.

Back to your question in the comments regarding whether consuming the API directly from the frontend (assuming you mean using JS) is for sure a bad practic since AWS highly recommend you to securly store your API credentials (keys), and as any AWS API call should include the API credentials (keys) provided by AWS for your IAM user, then obviously anyone using your web application can see these keys.

Hope this answered your question.