Learn S3 signed URLs from our free email-based course
Learn the basics of cloud-native file handling:
Why serverless needs a new way to distribute files
How to implement signed URLs on the backend and the frontend
How permissions work with signature-based downloads
Tamás Sallai
If Mailchimp says you are already signed up to the list then update your profile by following the instructions and check the "S3 signed URLs" course checkbox.
If you subscribe to this course you also sign up to our mailing list (Why is that?).
Learn how to use CloudFront from our free email-based course
Learn the basics of CloudFront configuration and:
Take advantage of AWS's global distribution network
Use path-based routing to add an entry point to your cloud infrastructure
Utilize caching on the edge locations
Tamás Sallai
If Mailchimp says you are already signed up to the list then update your profile by following the instructions and check the "CloudFront essentials" course checkbox.
If you subscribe to this course you also sign up to our mailing list (Why is that?).
Learn how to use async functions in Javascript from our free email-based course
Learn the basics of async/await and master asynchronous workflows in Javascript.
Learn:
How async functions work and how to use the await keyword
How to use the Promise constructor
How to implement proper error handling in an async environment
Tamás Sallai
If Mailchimp says you are already signed up to the list then update your profile by following the instructions and check the "Async functions in Javascript" course checkbox.
If you subscribe to this course you also sign up to our mailing list (Why is that?).
Learn the basics of serverless computing on AWS from our free email-based course
Learn the parts that are needed to make a serverless API on AWS:
Write a Lambda function and add IAM permissions to it
Add API Gateway for an HTTP endpoint
Use DynamoDB to store data
Tamás Sallai
If Mailchimp says you are already signed up to the list then update your profile by following the instructions and check the "Serverless computing on AWS" course checkbox.
If you subscribe to this course you also sign up to our mailing list (Why is that?).
Join our mailing list
We write articles like this regularly. Let's keep in touch and:
Download our ebook on AWS security basics
Get access to our courses
Get notified on new articles and updates
AWS S3 Signed URLs Handbook free chapters
Thank you for your interest in the book! By signing up to the free chapters you'll receive 4 emails, each with a different part of the book.
The included chapters:
Introduction and use cases
The architecture of signed URLs
Backend implementation with Node.js
Least privilege with dedicated roles
If Mailchimp says you are already signed up to the list then update your profile by following the instructions and check the "AWS S3 Signed URLs Handbook" checkbox under "Free chapters".
If you subscribe to this course you also sign up to our mailing list (Why is that?).
Javascript on AWS Lambda free chapters
Thank you for your interest in the book! By signing up to the free chapters you'll receive 4 emails, each with a different part of the book.
The included chapters:
Introduction and the Lambda execution model
Cold starts
Async programming model
Storing secrets in SSM Parameter Store
If Mailchimp says you are already signed up to the list then update your profile by following the instructions and check the "Javascript on AWS Lambda" checkbox under "Free chapters".
If you subscribe to this course you also sign up to our mailing list (Why is that?).
Large files can play well with AWS Lambda
Serverless computing is about short functions that run fast and only for a short duration. On the other hand, files can be arbitrarily large, and sending them through ephemeral functions can easily hit a limit of the runtime.
This is the problem S3 signed URLs solve.
Learn how to implement a serverless-friendly, robust, and secure solution to handle files using signed URLs.
Want a sneak peek? Sign up for free chapters here:
Handling files in a serverless environment
Serverless functions are designed to be run for a short duration, handle small amounts of data, then terminate quickly. This is great to provide an HTTP API that users can call to interact with your app but is terrible for large downloads or uploads.
S3 on the other hand is to handle arbitrarily large files and can handle long downloads and uploads and terabytes of data.
URL signing is a mechanism to combine the best parts of the two services. The Lambda function decides who and how can download and upload files, but the actual transfer is handled by the S3 service.
"But a signed URL is just a function call!"
When I started working with signed URLs I quickly realized how easy it is to end up with a solution that is not reliable and not secure. This prompted me to learn how it works and what services are taking part.
Signed URLs change how you think about files and access control.
And the best part is that this knowledge is transferrable between clouds. The services and the details are different, but the underlying mechanism is the same for all providers that offer this functionality.
Learn how to implement a secure and robust file-handling solution
This book is a thorough introduction to signed URLs. You'll learn:
Why serverless needs a new model to handle files
What services work together when you sign a URL
Backend and frontend implementations
How to secure your implementation and what are the usual problems
Solutions to common use-cases
...and more!
Screenshots
Table of contents
Chapter 1: Overview Use cases From servers to serverless 3-tier architecture Serverless architecture Signed URLs for S3 Credentials URL structure Expiration time Security of S3 signed URLs Algorithm Bandwidth control Implementation disclosure Revocation
Chapter 2: Implementation Sample code Infrastructure Bucket Object Function Execution role Backend with Node.js S3 service Sign URLs Frontend
Chapter 3: Specific use-cases Least privilege with dedicated roles CORS Using HTTP redirects How to check if a file exists before signing How to set the filename Integrate with CloudFront Caching Uploading files Handling encrypted data Permanent URLs
Hey, I'm Tamás! I co-author the advancedweb.hu blog and if you're here there is a good chance you've already read some of my articles.
I'm a software developer focusing mostly on cloud computing and web technologies. I'm especially interested in how to handle edge cases to end up with dependable software.
One of my main focus is security and how each part affects the whole system. I'm an AWS-certified security specialist.
Tamás Sallai 
