This project provides a serverless API to generate pre-signed S3 upload URLs using AWS Lambda, API Gateway, and S3.
It allows secure file uploads of any type while enforcing API key authentication.
✅ Secure Signed URL Uploads (AWS SDK v3)
✅ Supports All File Types (PNG, PDF, MP4, etc.)
✅ API Gateway Throttling & API Key Security
✅ Built with AWS CDK (Python) for easy deployment
- AWS CLI Installed → Install Guide
- AWS CDK Installed → Run:
npm install -g aws-cdk
- Python 3.9+ Installed
- AWS Credentials Configured
aws configure
git clone https://github.com/YOUR-ORG/s3-uploader-api.git
cd s3-uploader-apipython -m venv .venv
source .venv/bin/activate # (Mac/Linux) or .venv\Scripts\activate (Windows)
pip install -r requirements.txtcd s3UploaderFunction
npm install
cd ..cdk deployAfter deployment, note the API Gateway URL and API Key from the output.
Use API Gateway to request a pre-signed URL:
curl -H "x-api-key: YOUR_API_KEY" \
"https://your-api-id.execute-api.us-east-1.amazonaws.com/prod/upload?contentType=image/png"Response Example:
{
"uploadURL": "https://your-bucket.s3.amazonaws.com/abc12345?AWSAccessKeyId=...",
"photoFilename": "abc12345"
}Once you receive the uploadURL, upload a file using curl:
curl -X PUT -H "Content-Type: image/png" --upload-file test-image.png "UPLOAD_URL_FROM_STEP_1"✅ If successful, you will not see any output.
Check if the file exists:
aws s3 ls s3://YOUR_BUCKET_NAME/Or download it:
aws s3 cp s3://YOUR_BUCKET_NAME/abc12345 downloaded-file.png| Issue | Solution |
|---|---|
403 Forbidden on API Gateway |
Ensure API Key is correct and included in the request headers. |
403 Forbidden on S3 Upload |
Check IAM permissions for Lambda, ensure correct S3 bucket policy. |
500 Internal Server Error |
Check AWS CloudWatch logs for Lambda errors. |
To remove all AWS resources:
cdk destroy