
Say we want a REST API to support file uploads, and we want uploads to be done directly on S3.

According to this solution, "Amazon S3 direct file upload from client browser - private key disclosure", we have to create a POLICY and a SIGNATURE for the user to be allowed to upload to S3.

However, we want a single entry point for the API, including uploads.

Can we:
1. in our API, catch POST https://www.example.org/users/1234/objects
2. calculate POLICY and SIGNATURE to allow direct upload to S3
3. return a 307 "Temporary Redirect" to https://s3-bucket.s3.amazonaws.com

How to pass POLICY and SIGNATURE in the redirect?

What is best practice here?


1 Answer

You don't redirect; instead, your API should return the policy and signature in the response (say, in JSON).

Then the browser can use these values to upload directly to S3 as described in the document. This is a two-step process.

Sony Kadavan