DEV Community

Cover image for Uploading Files Using Pre-Signed URLs to a Specific Storage Class
Anshul Kichara
Anshul Kichara

Posted on

Uploading Files Using Pre-Signed URLs to a Specific Storage Class

Here’s a step-by-step guide on how to implement file uploads using pre-signed URLs to a specific storage class, specifically with AWS S3. I’ll cover how to generate a pre-signed URL in Python and how to use it in Postman.

Architecture:

Image description

Create an IAM User:

  • Sign in to the AWS Management Console.
  • Navigate to IAM (Identity and Access Management):
  • Open the IAM Console.
  • Create a New User:
  • Click on Users in the sidebar.
  • Click the Add user button.
  • Enter a user name (e.g., s3-uploader).
  • Select Programmatic access for the access type to generate an access key ID and secret access key.
  • Click Next: Permissions.

Create an S3 Bucket:

  • Navigate to S3:
  • Open the S3 Console.
  • Create a New Bucket:
  • Click on Create bucket.
  • Enter a unique bucket name (e.g., data-from-resign).
  • Choose a region.
  • Configure options as needed (default settings are usually sufficient for this example).
  • Click Create bucket.

[ Good Read: Comparison between Mydumper, mysqldump, xtrabackup]

You can check more info about: Pre-Signed URLs to a Specific Storage Class
.

Edit Cross-origin resource sharing (CORS):

[

{

    "AllowedHeaders": [

        "*"

    ],

    "AllowedMethods": [

        "PUT"

    ],

    "AllowedOrigins": [

        "https://example.com"

    ],

    "ExposeHeaders": []

}
Enter fullscreen mode Exit fullscreen mode

]

Attach a Custom Policy to the User:

  • Create a Custom Policy:
  • In the IAM Console, go to Policies.
  • Click Create policy.
  • Select the JSON tab and enter a policy that grants permission to upload files to your specific bucket. For example:



{

    "Version": "2012-10-17",

    "Statement": [

        {

            "Sid": "VisualEditor0",

            "Effect": "Allow",

            "Action": "s3:PutObject",

            "Resource": "arn:aws:s3:::data-from-presign/*"

        }

    ]

}

- Click Next: Tags (optional) and then Next: Review.
- Provide a name (e.g., S3UploadPolicy) and description.
- Click Create policy.

## Attach the Policy to the User:

- Go to Users and select the user you created (s3-uploader).
- Click the Permissions tab.
- Click Add Permissions.
- Select Attach policies directly.
- Search for and select the policy you created (S3UploadPolicy).
- Click Next: Review and then Add permissions.

## Generate Programmatic Access Credentials:

- Get Access Keys
- Go to Users and select the user (s3-uploader).
- Click the Security credentials tab.
- Under Access keys, click Create access key.
- Download the CSV file containing the Access key ID and Secret access key or copy them. These are needed for programmatic access.

## Generate a Pre-Signed URL:
Using the AWS SDK (Boto3 for Python), generate a pre-signed URL. Here’s a Python script to do this:

import boto3
import botocore

# Assuming your S3 bucket name and image file name
ACCESS_KEY = 'access_key'
SECRET_ACCESS_KEY = 'secret_key'
BUCKET_NAME = 'data-from-presign'
OBJECT_KEY = 'image.png'
STORAGE_CLASS =  'ONEZONE_IA'

# Initialize a session using the AWS SDK for Python (Boto3)
session = boto3.Session(
    aws_access_key_id=ACCESS_KEY,
    aws_secret_access_key=SECRET_ACCESS_KEY,
    region_name='ap-south-1'  # Specify the region where your bucket is located
)

Enter fullscreen mode Exit fullscreen mode

Top comments (0)