Do I need CloudFront, how to put conditions for S3 presigned URL put and making a WS API with a standalone Fargate Task?

0

My frontend client is hosted on an S3 bucket and makes three API calls: two to Lambdas, which are currently done via Lambda URLs, and one to put a file to an S3 bucket via a presigned URL. One of the Lambdas returns a presigned URL for the client to upload a file to the S3 bucket, which the client then uses to put a file to the S3 bucket. The second Lambda is pinged every X seconds to check the state of the file and, once it's processed, the second Lambda generates a presigned GET URL for the object.

So my questions are:

  1. 1a. Do I need a CloudFront distribution to bring everything under one domain? I have no need for caching, scaling or fast delivery. I'm not sure if I should use CloudFront's signed URLs if I go down the CloudFront path. 1b. If not CloudFront, what could I use to put everything together, both the client and the Lambdas (maybe also the presigned URLs)?
  2. How do I make the PUT and GET presigned URLs only available for put or one get, and for the PUT only allow a certain format (video/mp4 in my case) of a certain size? This is how I'm currently generating the presigned URLs:
```python
response = s3_client.generate_presigned_url(
    ClientMethod="put_object",
    Params={
        "Bucket": bucket_name,
        "Key": object_name,
        "ContentType": "video/mp4",
    },
    ExpiresIn=3600,
    HttpMethod="PUT",
)
```

Maybe I should be using generate_presigned_post, but I can't find docs on how to put those into conditions.

  3. Currently, as you can see, I'm pinging a Lambda from the client at an interval. I don't think it's the best solution. Essentially, the Lambda in turn does a get_item on a DynamoDB table to get the status. I was wondering if it would be easier to have a standalone Fargate task run and create a WS API for the client to establish a connection, while the Fargate task watches for changes in the DynamoDB table. In this case: 3a. How can I watch for changes in a DynamoDB table? DynamoDB Stream? 3b. How can I expose the Fargate task for the client and have it tie up with the other Lambda? Elastic IP?
1 Answer
0

1a. CloudFront can provide benefits like bringing everything under one domain and providing SSL termination. 1b. No other option without moving the client site off S3.

  2. Not tested, but the code should be like this:
```python
response = s3_client.generate_presigned_post(
    Bucket=bucket_name,
    Key=object_name,
    Fields={
        "Content-Type": "video/mp4"
    },
    Conditions=[
        {"Content-Type": "video/mp4"},
        ["content-length-range", 0, 10485760]  # 10MB limit
    ],
    ExpiresIn=3600
)
```
  3. Configure S3 Event Notifications to trigger SNS, and configure an API Gateway WebSocket like the one below to read from that SNS topic.

https://serverlessland.com/patterns/apigw-websocket-api-sns

answered a year ago
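
An added example, not part of the answer above and not boto3 code: a check that a unit test for the upload Lambda could run over the base64 `policy` value that `generate_presigned_post` returns in `response["fields"]`, confirming that the policy pins the content type, object key, size and lifetime. The names `audit_post_policy` and `encode`, the bucket, the key and both sample policies are hypothetical and constructed for illustration.

```python
import base64
import json
from datetime import datetime, timezone

def audit_post_policy(policy_b64, now, content_type, max_bytes, max_ttl_s):
    """List what a base64 S3 POST policy fails to restrict (empty list = OK)."""
    policy = json.loads(base64.b64decode(policy_b64))
    exact, size_range, problems = {}, None, []
    for cond in policy.get("conditions", []):
        if isinstance(cond, dict):                 # {"field": "value"}: exact match
            exact.update({k.lower(): v for k, v in cond.items()})
        elif cond[0] == "eq":                      # ["eq", "$field", "value"]
            exact[cond[1].lstrip("$").lower()] = cond[2]
        elif cond[0] == "content-length-range":    # [name, min_bytes, max_bytes]
            size_range = (int(cond[1]), int(cond[2]))
        # "starts-with" conditions are prefix matches and are not counted as pinned
    if exact.get("content-type") != content_type:
        problems.append("Content-Type not pinned to " + content_type)
    if size_range is None:
        problems.append("no content-length-range condition")
    elif size_range[1] > max_bytes:
        problems.append("size limit above %d bytes" % max_bytes)
    if "key" not in exact:
        problems.append("object key not pinned to one value")
    stamp = policy["expiration"].rstrip("Z").split(".")[0]   # drop optional millis
    expires = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
    if (expires - now).total_seconds() > max_ttl_s:
        problems.append("policy valid longer than %d s" % max_ttl_s)
    return problems

def encode(policy):
    """Serialize a policy dict the way it travels in the form's policy field."""
    return base64.b64encode(json.dumps(policy).encode()).decode()

# Constructed sample policies (not captured from AWS); bucket and key are made up.
NOW = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
GOOD = encode({"expiration": "2024-01-01T13:00:00Z", "conditions": [
    {"bucket": "example-uploads"}, {"key": "uploads/clip.mp4"},
    {"Content-Type": "video/mp4"}, ["content-length-range", 0, 10485760]]})
WEAK = encode({"expiration": "2024-01-02T12:00:00Z", "conditions": [
    {"bucket": "example-uploads"}, ["starts-with", "$key", "uploads/"],
    ["starts-with", "$Content-Type", "video/"]]})

if __name__ == "__main__":
    for name, pol in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, audit_post_policy(pol, NOW, "video/mp4", 10485760, 3600))
```

The `Content-Type` condition only constrains the form field the client declares, not the bytes of the uploaded file, so the processing step still has to validate that the object really is an MP4.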
