Serverless example app

Follow along

Download the code from here, deploy in your own account, and follow this chapter first-hand.

In the previous chapter, we established the baseline of an app that relies on securely downloading and uploading files. We saw that with a server that is always available, the backend code can handle not only access control but also control over the transfer itself, such as terminating the upload if the user is trying to abuse the system.

In this chapter, we'll see how to implement the same in a serverless environment. The resulting app will work the same way and implement the same functionality, but the architecture will be markedly different: it will run code in Lambda functions, store data in DynamoDB tables, and serve files from S3. We'll discuss how these changes in the architecture affect the implementation for handling files and what the best practices are.


To see the functionality of the app, see the Using the app chapter.

To deploy the app, download the code from here and follow the instructions. Don't forget to clean up after you're done as the resources cost some money.

As in the previous chapter, we'll focus on how files are downloaded and uploaded.

Downloads are easier, so we'll focus on them first. While they still require some changes on the frontend, the process is mostly straightforward.

Downloading a file using a signed URL

Then we'll detail uploads. This is a more complex process that requires some extra steps from the frontend. We'll talk about the implementation and then move on to discuss the reasoning behind the process.

Uploading files using signed URLs