Using Signed URLs to Offload Uploads to AmazonS3 with NodeJS


There is a feature in Amazon S3 that can help you move your application from the path, in order to upload the files to S3. This feature is called “Signed URLs”, and basically allows you to call the S3 API to return a URL with a signature that you can use later to upload files directly.

How does this work?

For example, let's say that you're writing a mobile app, with an API to upload image files. You can do the entire process using the server side of the application, getting the file from the device and uploading it to the bucket by yourself (or using your application).

That method is fine, but, if your application is going to grow, the best you can do for yourself is to delegate some work to s3.

The workflow is very simple:

  1. The mobile application tells to the API that it needs to upload a file.
  2. The API receives the request and calls the S3 API to get the signed url that’s going to be used to upload the file on the location (s3://bucket/object) specified in this operation.
  3. You return the signed URL to the mobile device.
  4. The device uses an HTTP PUT operation to upload the file directly to S3.


Here is an easy code snippet to demonstrate the behavior. The only requirement is to install the aws-sdk npm module.

var AWS = require('aws-sdk');
AWS.config.update({accessKeyId: 'MYKEY',
                secretAccessKey: 'MYSECRET'});
var s3 = new AWS.S3();
var params = {
  Bucket: 'myBucket',
  Key: 'myKey'
s3.getSignedUrl('putObject', params, function(err, url) {
  if (err)
    console.log("Signed URL: ", url);

Then run this code (updating your keys and bucket/object names):
# nodejs signed-urls.js

It should print an URL that you can use in to upload the file. You can simulate the behavior of a mobile device using a simple command:

# curl -v --upload-file /tmp/somefile.png [URL RETURNED BY THE NODE APP]

Now let’s say you want to allow public access to this file, you have to add this at the end of the URL:

Final words

IMPORTANT! Don’t forget to put the URL between single quotes! Shell gets confused with & and other symbols on it.

To finish, the user owner of the keys you use should have permissions to upload file and to set permissions if you have using the public-acl feature.

Taking your App from Development to Deployment


Faster than Traditional Ops
Continuous Improvement
Cost Effective

Topics: DevOps