Web and mobile applications often provide their users ability to upload files, documents or pictures. A good and now common practice is to upload them directly to Amazon S3, using pre-signed URLs. To generate this pre-signed URL, you have to use the AWS SDK (generally in an AWS Lambda function), and expose the feature to the client through an API (with Amazon API Gateway).

The infrastructure deployed by this pattern contains an API Gateway REST API, exposing a Lambda function that will generate the S3 pre-signed URL and return it to the client. The API, the Lambda function and the S3 bucket handle CORS headers so that there is no error on the client side. The API is protected by a Cognito User Pool.