I have a serverless application that uses AWS AppSync as the API layer and Cognito User Pool as the authentication service. There can be web / mobile users using the application. Each authenticated user should be able to upload photos to the S3 bucket. I am using DynamoDB as the database.
What is the best way to implement the file upload process with the below requirements?
- Each Cognito authenticated user should be able to upload/view photos in the S3 bucket.
- The user should be able to upload multiple photos
- Each file upload should be recorded in the database.
I saw there is a way to upload files with AWS pre-signed URLs, but can I upload multiple files with that approach?
Since I have the Cognito authentication, is there a direct way for authenticated users to access S3 buckets rather than pre-signed URLs?
If you are already using Cognito, you can secure your API Gateway method (the specific REST API method) with a Cognito User Pool.
That means you would have the following flow:
App -> HTTP request with Cognito Authorization Header -> API Gateway -> API Gateway method with Authorization set-up -> Lambda -> S3.
API Gateway’s Authorization settings would take care of securing the endpoint.
This is the guide for setting it up: https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-integrate-with-cognito.html
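An added example (not code from the answer above) of the Lambda step in that flow, assuming Lambda proxy integration and a JSON body carrying base64-encoded photos. The bucket and table names, the allowed types, the file limit and the body layout are placeholders chosen for illustration.

```python
import base64
import json
import uuid

BUCKET = "example-photos-bucket"   # assumption: placeholder bucket name
TABLE = "example-photo-uploads"    # assumption: placeholder DynamoDB table name
ALLOWED = {"image/jpeg": "jpg", "image/png": "png"}  # assumption: accepted types
MAX_FILES = 5                      # assumption: per-request limit

def _reply(status, body):
    return {"statusCode": status, "body": json.dumps(body)}

def handler(event, context, s3=None, table=None):
    # With a Cognito User Pool authorizer on the REST API method, API Gateway
    # passes the validated token claims to the Lambda in the proxy event.
    ctx = event.get("requestContext") or {}
    claims = (ctx.get("authorizer") or {}).get("claims") or {}
    user_id = claims.get("sub")
    if not user_id:
        return _reply(401, {"error": "missing Cognito identity"})
    try:
        files = json.loads(event.get("body") or "{}").get("files", [])
        if not isinstance(files, list) or not 0 < len(files) <= MAX_FILES:
            raise ValueError("bad file count")
        # Validate every file before writing any of them.
        decoded = [(ALLOWED[f["content_type"]], f["content_type"],
                    base64.b64decode(f["data"], validate=True)) for f in files]
    except (ValueError, KeyError, TypeError, AttributeError):
        return _reply(400, {"error": "invalid upload request"})
    if s3 is None or table is None:  # real clients only when none are injected
        import boto3
        s3 = s3 or boto3.client("s3")
        table = table or boto3.resource("dynamodb").Table(TABLE)
    keys = []
    for ext, ctype, data in decoded:
        # The key is built from the verified claim and a server-side UUID, never
        # from a client-supplied name, so a user cannot write outside their prefix.
        key = f"users/{user_id}/{uuid.uuid4()}.{ext}"
        s3.put_object(Bucket=BUCKET, Key=key, Body=data, ContentType=ctype)
        table.put_item(Item={"user_id": user_id, "object_key": key,
                             "size": len(data)})
        keys.append(key)
    return _reply(201, {"uploaded": keys})
```

The optional `s3` and `table` parameters exist so the handler can be exercised with stand-in clients; Lambda itself calls it with only `event` and `context`.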