cover image: Photo by Francesco Ungaro on Unsplash
In this article, we will talk about creating an AWS REST API as an AWS S3 proxy and delivering images in an S3 bucket through the API gateway.
What are the different ways to deliver images in the s3 bucket?
Deliver images using public S3 URLs
Deliver images in S3 using AWS Lambda API Gateway Integration
Creating an AWS REST API as an S3 proxy
Why deliver images in the S3 bucket through the API gateway?
The simplest way to deliver images in the S3 bucket is public S3 URLs. However, the major drawback of this approach is that the S3 bucket will be public. Public cloud resources are vulnerable to attacks, and avoiding public cloud resources is a good practice.
AWS API gateway will be a public interface for most endpoints. Many security methods can be used with AWS API gateway such as IAM, request throttling, and many more.
AWS Lambda can be integrated into the AWS API gateway. Images in an S3 bucket can be delivered using a Lambda. But then we have to develop and maintain an additional Lambda function. Also, there will be an extra cost for it.
When we use AWS API Gateway REST API as an S3 proxy, we can use security features in the AWS API gateway and we do not want to maintain an additional Lambda function. Also, we can keep our S3 bucket as a private resource.
Use AWS API Gateway REST API as an S3 proxy
I explain the method using an example scenario. Also, I write this article with multiple steps for better understanding. Names and AWS regions can be changed according to the requirements. I use the new version of the AWS console (as of March 2024) in this article.
- Create an IAM role for allowing API gateway to access S3 bucket objects
- Create an S3 bucket and upload an image
- Create an AWS API Gateway REST API
- Create REST resource
- Create REST method
- Configure method request
- Configure integration request
- Configure integration response
- Configure Method response
- Enable binary support in API Gateway
1. Create an IAM role for allowing API gateway to access S3 bucket objects
- Log into the AWS console
- Navigate to
IAM→Roles - Click on the
Create rolebutton - Select
Custom trust policyas the trusted entity type - Enter the following policy as the custom trust policy
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": "apigateway.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
- Click on the
Nextbutton - Search for
AmazonS3ReadOnlyAccessand select it - Then Click on the
Nextbutton - Enter a role name as
iam-test-role - Then click on the
Create rolebutton
2. Create an S3 bucket and upload an image
- Log into the AWS console
- Navigate to
S3 - Click on the
Create bucketbutton - Select
us-east-1as the region - Enter
api-gw-image-test-s3as the bucket name - Leave default values for other configurations
- Click on the
Create bucketbutton - Create a folder named
images - Upload an image into the created folder
3. Create an AWS API Gateway REST API
- Log into your AWS console
- Navigate to
API Gateway→APIs - Click on the
Create APIbutton - Click on the
Buildbutton onRest APIpane - Select
New APIand usetest-apias the name - Leave default values for other configurations
- Then click on the
Create APIbutton
4. Create REST resource
- Click on the
Create resourcebutton - Create a resource and create REST resource
s3
5. Create REST method
- Click on the
Create methodbutton to create a method - Choose as following
- Method type → GET
- Integration type → AWS service
- AWS Region → us-east-1
- AWS service → Simple Storage Service (S3)
- HTTP method → GET
- Action type → Use path override
- Path override → api-gw-image-test-s3/images/{image}
- Execution role → arn of the created aws role in the step (1)
- Leave the other options as default
- Click on the
Create methodbutton
6. Configure method request
- Select
Method requesttab pane - Click on
Editbutton - Expand
URL query string parameters - Click on
Add query stringbutton - Enter
imageas the Name - Check
Requiredbutton - Click on
Savebutton
7. Configure integration request
- Select
Integration requesttab pane - Click on
Editbutton - Select
When there are no templates defined (recommended)asRequest body passthrough - Expand
URL path parameters - Click on
Add path parameterbutton - Enter
imageas the name - Enter
method.request.querystring.imageas the path - Expand
URL request headers parameters - Click on
Add query string parameterbutton - Enter
AcceptasName - Enter
'*/*'(Value should be given with single quotes) asMapped from - Click on
Savebutton
8. Configure integration response
- Select
Integration responsestab pane - Delete
Default - Response - Click on
Create response - Enter
2\d{2}as HTTP status regex - Click on
Createbutton
9. Configure Method response
- Select
Method responsestab pane - Click on
Editbutton onResponse 200 - Click on
Add headerbutton - Enter
Content-TypeasHeader name - Remove
Response bodyitems - Click on
Savebutton - Then again select
Integration responsestab pane - Click on
Editbutton - Enter
'*/*'(Value should be given with single quotes) asMapping valueof theContent-Typeresponse header - Click on
Savebutton
10. Enable binary support in API Gateway
- Navigate to
API settings - Click on
Manage media typebutton onBinary media types - Click on
Add binary media typebutton - Enter
*/*asBinary media type - Click on
Save changes
Finally,
- Click on
Deploy APIand do an API Gateway deployment - Enter the invoked URI on the browser with the image query string (e.g.: https://aabhd7xr1z.execute-api.us-east-1.amazonaws.com/test/s3?image=porsche-911.jpg)
- Ultimately, the Image is displayed in the browser
Summary
In this article, we have discussed creating an AWS REST API as an Amazon S3 proxy and delivering images in an S3 bucket through the API gateway. We can use AWS API Gateway as a secure and cost-effective way to deliver S3 images.
Top comments (0)