AWS S3 and Mobile Phone Architecture

By : Maurice

Here goes:

I have a AWS S3 bucket with a folder and a mobile application.

I want to create a servlet in between these 2 such that the architecture is:

Phone < > Servlet < > S3

I don't want the phone to have direct access to the S3 and so the servlet will have the Access Key and Secret Key to do the uploading to and downloading from the S3 bucket using the credentials.

I want the phone to have a preview of the picture first, meaning he loads the image url like and and caches it in the phone. Previously I set the bucket policy to public so anyone has access to the picture but now I want to secure it, thus the additional layer of the servlet in between.

My idea is to have the phone send a POST request to the servlet. Servlet after authenticating the phone user will use the credentials to download the file from the S3 bucket. Servlet will then base64 encode the file and send it to the phone for display.

My question is, is there a better way to handle this? For example: Send a POST to the servlet. Servlet authenticates and somehow using the credentials, redirects the phone to the image url link on the bucket so that I can skip the base64 encoding portion.

Or is there a better and proper way to do this? Thanks!

By : Maurice


Keep in mind that pre-signed uRLs must have an expiration date. When I don't care about expanding or removing access at a later date, they are a great option. For full, immediate control, I've opted for intermediary servers to handle the S3 "housework."

Amazon S3 has a "Pre-signed URL" feature which allows you to build a URL to access otherwise-protected content, with a time limit. On their documentation page, look for "Query String Request Authentication Alternative"

You can have your servlet generate the signed URL and supply it to the client as a redirect.

This video can help you solving your question :)
By: admin