0

I have a serverless application that uses AWS AppSync as the API layer and Cognito User Pool as the authentication service. There can be web / mobile users using the application. Each authenticated user should be able to upload photos to the S3 bucket. I am using DynamoDB as the database.

What is the best way to implement the file upload process with the requirements below?

  1. Each Cognito authenticated user should be able to upload/view photos in the S3 bucket.
  2. The user should be able to upload multiple photos.
  3. Each file upload should be recorded in the database.

I saw there is a way to upload files with AWS pre-signed URLs, but can I upload multiple files with that approach?

Since I have the Cognito authentication, is there a direct way for authenticated users to access S3 buckets rather than pre-signed URLs?

Arunwij

1 Answer

0

If you are already using Cognito, you can secure your API Gateway method (the specific REST API method) with a Cognito User Pool.

That means you would have the following flow:

App -> HTTP request with Cognito Authorization Header -> API Gateway -> API Gateway method with Authorization set-up -> Lambda -> S3.

API Gateway’s Authorization settings would take care of securing the endpoint.

This is the guide for setting it up: https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-integrate-with-cognito.html

Daniel Apt
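A sketch of the Lambda step in the flow above, as an added example that is not part of the original answer: it takes the caller's identity only from the claims API Gateway attaches after the Cognito authorizer has validated the token, builds the S3 key server-side under a per-user prefix, and records the upload in DynamoDB. The bucket name, table name, item attributes, size limit, and the assumption that the photo arrives as a base64 body through a Lambda proxy integration (one photo per request) are all placeholders chosen for illustration.

```python
import base64
import re
import time
import uuid

BUCKET = "example-photo-bucket"   # assumption: placeholder bucket name
MAX_BYTES = 5 * 1024 * 1024       # assumption: per-photo size limit
ALLOWED_TYPES = {"image/jpeg": "jpg", "image/png": "png"}


def handle_upload(event, s3, table):
    """Store one photo for the caller identified by the Cognito authorizer."""
    # API Gateway fills in these claims only after it has validated the token.
    ctx = event.get("requestContext") or {}
    claims = (ctx.get("authorizer") or {}).get("claims") or {}
    user_id = claims.get("sub")
    if not user_id or not re.fullmatch(r"[0-9a-fA-F-]{36}", user_id):
        return {"statusCode": 401, "body": "unauthenticated"}

    headers = {k.lower(): v for k, v in (event.get("headers") or {}).items()}
    content_type = headers.get("content-type", "")
    ext = ALLOWED_TYPES.get(content_type)
    if ext is None:
        return {"statusCode": 415, "body": "unsupported media type"}

    try:
        body = base64.b64decode(event.get("body") or "", validate=True)
    except ValueError:
        return {"statusCode": 400, "body": "body must be base64"}
    if not body:
        return {"statusCode": 400, "body": "empty body"}
    if len(body) > MAX_BYTES:
        return {"statusCode": 413, "body": "photo too large"}

    # Key is built server-side: per-user prefix plus a random name,
    # never a path or file name supplied by the client.
    key = f"users/{user_id}/{uuid.uuid4().hex}.{ext}"
    s3.put_object(Bucket=BUCKET, Key=key, Body=body, ContentType=content_type)
    table.put_item(Item={"userId": user_id, "objectKey": key,
                         "size": len(body), "uploadedAt": int(time.time())})
    return {"statusCode": 201, "body": key}


def lambda_handler(event, context):
    import boto3  # imported here so handle_upload can be exercised without AWS
    table = boto3.resource("dynamodb").Table("PhotoUploads")  # assumed table name
    return handle_upload(event, boto3.client("s3"), table)
```

Because the key prefix comes from the verified `sub` claim, listing or reading a user's photos can be scoped to `users/<sub>/` in the same way.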