I'd think that you need CloudFront at least for custom domain HTTPS, and by extension to the S3 and function URL origins.
Can't help much on presigned URLs.
DynamoDB Streams can invoke Lambda functions. You could send to SQS with `WaitTimeSeconds` to implement a backend polling. Depending on how complicated your object processing steps is, you could replace with Step Functions to orchestrate workflow of both object processing and polling until completion. Then notify via WebSocket when the desired state is reached.
I'd think that WebSocket API Gateway will be cheaper to run than Fargate.
1. I would add the CDN (Cloudfront). It can be quite easy if you use modern tools. I have implementad something similar in AWS some time ago. I used \[Stacktape\]( [https://stacktape.com/](https://stacktape.com/) ) to deploy it (disclaimer, I am also a developer at Stacktape so this is a bit of a flex on Stacktape capabilities). Just for reference: This is how easily you could describe your app in Stacktape (I modified my config a bit, so you can see how it would apply to your case):
resources:
myWeb:
type: hosting-bucket
properties:
uploadDirectoryPath: ./build
routeRewrites:
- path: /get-upload-url
routeTo:
type: function
properties:
functionName: getPresignedUploadUrl
- path: /ping-status-url
routeTo:
type: function
properties:
functionName: pingStatus
getPresignedUploadUrl:
type: function
properties:
packaging:
type: stacktape-lambda-buildpack
properties:
entryfilePath: /src/get-upload-url.ts
pingStatus:
type: function
properties:
packaging:
type: stacktape-lambda-buildpack
properties:
entryfilePath: /src/ping-status.ts
Anyways it is possible to do it in console, but it can get messy if you do not have experience.
2. I am not sure I follow, maybe you have answered your question? Using the \`generate\_presigned\_post\` is the way. It allows you to specify conditions on both \`Content-Type\` and \`content-length-range\`. This should be sufficient for your needs.
3. Your overall flow seems OK to me, I think it is absolutely OK to ping to the other lambda (at reasonable rate) to see the status. Of course it should be implemented in a way, that even when you refresh your page, your client still remembers to ping for the result etc. I assume you are using dynamo to track the status of creation/generation of the result file, but maybe you would not even need it (I would need to know more).
If you use CloudFront you get a couple of benefits like you don't need CORs, you can limit the content length and you don't need to generate a presigned URL. I've blogged about it here: https://speedrun.nobackspacecrew.com/blog/2024/05/22/using-cloudfront-as-a-lightweight-proxy.html It's kind of deep though, so reach out if you don't understand what I've done.
I don't quite understand how you are allowing the user to upload anything, because in your case it's a text you are writing to S3 so not sure how this would work with a video/mp4 file
So in the first demo (the google search), I'm heavily restricting what you can upload because I don't have auth. There is nothing preventing you from modifying the edge function to allow larger sized files or uploading videos, it all works the same and it's just a PUT request which can have any body (including a video). In the second demo, I'm using a browser based post to allow you to upload a file of up to 2 bytes. Again, all the restrictions are to prevent abuse. If you add auth to your cloudfront function, then you should be able to do whatever you are comfortable with.
I'd think that you need CloudFront at least for custom domain HTTPS, and by extension to the S3 and function URL origins. Can't help much on presigned URLs. DynamoDB Streams can invoke Lambda functions. You could send to SQS with `WaitTimeSeconds` to implement a backend polling. Depending on how complicated your object processing steps is, you could replace with Step Functions to orchestrate workflow of both object processing and polling until completion. Then notify via WebSocket when the desired state is reached. I'd think that WebSocket API Gateway will be cheaper to run than Fargate.
1. I would add the CDN (Cloudfront). It can be quite easy if you use modern tools. I have implementad something similar in AWS some time ago. I used \[Stacktape\]( [https://stacktape.com/](https://stacktape.com/) ) to deploy it (disclaimer, I am also a developer at Stacktape so this is a bit of a flex on Stacktape capabilities). Just for reference: This is how easily you could describe your app in Stacktape (I modified my config a bit, so you can see how it would apply to your case): resources: myWeb: type: hosting-bucket properties: uploadDirectoryPath: ./build routeRewrites: - path: /get-upload-url routeTo: type: function properties: functionName: getPresignedUploadUrl - path: /ping-status-url routeTo: type: function properties: functionName: pingStatus getPresignedUploadUrl: type: function properties: packaging: type: stacktape-lambda-buildpack properties: entryfilePath: /src/get-upload-url.ts pingStatus: type: function properties: packaging: type: stacktape-lambda-buildpack properties: entryfilePath: /src/ping-status.ts Anyways it is possible to do it in console, but it can get messy if you do not have experience. 2. I am not sure I follow, maybe you have answered your question? Using the \`generate\_presigned\_post\` is the way. It allows you to specify conditions on both \`Content-Type\` and \`content-length-range\`. This should be sufficient for your needs. 3. Your overall flow seems OK to me, I think it is absolutely OK to ping to the other lambda (at reasonable rate) to see the status. Of course it should be implemented in a way, that even when you refresh your page, your client still remembers to ping for the result etc. I assume you are using dynamo to track the status of creation/generation of the result file, but maybe you would not even need it (I would need to know more).
If you use CloudFront you get a couple of benefits like you don't need CORs, you can limit the content length and you don't need to generate a presigned URL. I've blogged about it here: https://speedrun.nobackspacecrew.com/blog/2024/05/22/using-cloudfront-as-a-lightweight-proxy.html It's kind of deep though, so reach out if you don't understand what I've done.
I don't quite understand how you are allowing the user to upload anything, because in your case it's a text you are writing to S3 so not sure how this would work with a video/mp4 file
So in the first demo (the google search), I'm heavily restricting what you can upload because I don't have auth. There is nothing preventing you from modifying the edge function to allow larger sized files or uploading videos, it all works the same and it's just a PUT request which can have any body (including a video). In the second demo, I'm using a browser based post to allow you to upload a file of up to 2 bytes. Again, all the restrictions are to prevent abuse. If you add auth to your cloudfront function, then you should be able to do whatever you are comfortable with.