AWS: Create an Lambda function that returns a Presigned URL to upload an image to a S3 bucket,Node.js

This tutorial aims at providing basic steps required to create a Lambda which will provide a Presigned URL that can be used to upload an object to the AWS S3 bucket. Upload is tested here with Postman.

What is s3 ?

Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services that provides object storage. An object consists of a file and optionally any metadata that describes that file. S3 helps to store the objects in buckets, which are more or less like file folders.


What is  presigned URL for s3?

A presigned URL gives you access to the object identified in the URL, provided that the creator of the presigned URL has permissions to access that object. That is, if you receive a presigned URL to upload an object, you can upload the object only if the creator of the presigned URL has the necessary permissions to upload that object.


What is ARN?

Amazon Resource Names (ARNs)  are identifiers used to uniquely identify AWS resources




Step 1: Create a bucket to store image.

Go to services->s3->create bucket

Give a name like fortestinglambda

Provide public access to the bucket for now and leave everything else as default.



step 2:  Create an IAM user with access to s3 service.

Go to services->s3->IAM->users

Create an IAM user, create a user group with full access permission for amazon s3 services, copy the Access key ID and Secret access key.

Creating the user group is below

inline policies can be added to the user after creation as well.  Using this way policies can be added without creating a group.



step3: Provide the bucket policy so that the IAM user created in step 2 will have access to bucket.

Navigate to services->s3,click on your bucket name and navigate to permissions->bucket policy

Add the following JSON to provide access for the IAM user to write to bucket. Principal key indicates the ARN for the IAM user created who has the access key ID and secret key for accessing the bucket.

The resource key indicates the ARN for the bucket.



step3 :  Create a Lambda which will have an API Gateway trigger

Goto services->Lambda and click Create function. 

Create a new REST api with open permissions for now. Security should be added, but for now, leave it open. Link with steps to creating Lamba is here  Creating a lambda and editing in the cloud9.

Copy the API gateway URL



step4 : Add code to process a post request in Lambda that will generate presigned URL

The request to generate the presigned URL will be handled as a GET request here.

Goto  IAM>users click on the user who has S3 permissions, created in step 2, go to security credentials and copy the accessKeyId and secretAccessKey (Generate if not already there)

createPresignedPost method of the S3 class of AWS SDK provides the S3 URL. Remember the key value in params and your file name should be the same.


Provide the POST request and the URL will give a response like the following.



step:5  Making the request to the presigned URL from Postman.

The response has a  key URL which will have the URL to which a POST request can be sent to save the object to the Bucket. Choose form-data option in the Postman, add all the values in fields and add a file with name file like the following and sent the request. Remember, the key should be the same while creating the URL and sending this request.

The file will be saved .



Now more security should be added at API Gateway level and bucket policy, bucket public access, bucket CORS policy  and IAM user level


Stay tuned ..more to follow..a better version to follow.

No Comments

Leave a Reply

Your email address will not be published. Required fields are marked *