Uploading files directly to S3, instead of an intermediate server, is a great way to reduce server load. While this demo uses Python and Flask, the code should be simple to translate to other languages and frameworks.

http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-authentication-HTTPPOST.html

When this demo was created, the majority of direct to S3 upload examples used AWS Signature Version 2. However, only Signature v4 is supported in new AWS regions like Frankfurt (eu-central-1).

The form-based example requires only HTML, no JavaScript. Its simplicity makes it a useful tool to explore API options.

The Dropzone-based example demonstrates CORS compatibility and dynamic S3 object keys. Hopefully it also demonstrates that, with a little polishing, direct to S3 upload can provide an excellent user experience.

http://www.dropzonejs.com/

For JavaScript-based uploads, a CORS policy must be added to the bucket. An example policy in included: doc/cors.xml

Using your root AWS credentials is not recommended. Instead, for improved security, create a dedicated IAM user and attach a custom inline policy. An example policy is included: doc/iam.json

It is often desirable to automatically delete uploaded files after a delay. One easy way to accomplish this is using S3 Lifecycle rules. For example, if a dedicated bucket is used for uploads, the bucket could be configured to delete all objects one day after creation.

virtualenv venv
source venv/bin/activate
pip install -r requirements.txt

export AWS_ACCESS_KEY_ID=AKI0123456789ABCDEF
export AWS_SECRET_ACCESS_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
export S3_REGION=eu-central-1
export S3_BUCKET=incoming-bucket

./application.py

open http://localhost:5000

Alternatively, instead of exporting environment variables manually, foreman can run the application using variables from a .env file. An example file is included: doc/example.env

http://ddollar.github.io/foreman/

heroku create
heroku config:set AWS_ACCESS_KEY_ID=AKI0123456789ABCDEF
heroku config:set AWS_SECRET_ACCESS_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
heroku config:set S3_REGION=eu-central-1
heroku config:set S3_BUCKET=incoming-bucket
git push heroku master
heroku open

Only one file can be uploaded per POST request.

The file field must be the last field in the POST payload. For JavaScript-based uploads, this means it may be necessary to pass arguments or construct objects carefully in order to ensure the file field gets sent last.

If your application allows anonymous file upload, you should not allow anonymous download of the same file. Otherwise, your application could be abused to share undesirable content. The included example policy files demonstrate how to implement write only access.