A beautiful temple-themed file upload system built with AWS Lambda
🌟 Features
🏯 Temple-inspired Design
Animated design with floating elements and sacred-themed UI
📁 Secure File Upload
Secure file upload to AWS S3 bucket with encryption
💾 Metadata Storage
Comprehensive metadata storage in DynamoDB table
🔗 Auto-generated URLs
Auto-generated presigned URLs for secure file access
📱 Fully Responsive
Responsive design that works on all devices
⏳ Temporary Links
1-hour temporary download links for enhanced security
🛠️ Tech Stack
🌐 Architecture Overview
High-Level Design
Serverless File Upload System with AWS Services
AWS Components and Purpose
| Component | AWS Service | Description / Purpose |
|---|---|---|
| 🗂 File Storage | Amazon S3 | Secure, scalable storage for user-uploaded files and static assets |
| ⚡ Compute | AWS Lambda | Serverless backend for processing file uploads and triggering workflows |
| 📊 Database | Amazon DynamoDB | NoSQL database to store file metadata and user access details |
| 🔐 Security | AWS IAM Policies | Manages permissions and access control for secure interactions |
Workflow Summary
- User Uploads a File → Through an API endpoint
- API Gateway → Routes request securely to AWS Lambda
- Lambda Function → Validates, processes, and uploads file to Amazon S3
- DynamoDB → Stores metadata like file name, timestamp, and user details
- Lambda → API Gateway → User → Returns success response with download link
⚙️ AWS Services Configuration
2.1 Amazon S3 Bucket Setup
The S3 bucket is used for secure file storage, enabling temporary access links with expiration policies to ensure data privacy and controlled sharing.
Configuration Details
| Setting | Value | Purpose |
|---|---|---|
| Bucket Name | `majisimpleb` | Unique name for storing uploaded files |
| Region | `ap-south-1` | Asia Pacific (Mumbai) for low latency |
| Access Control | Private (Default) | Prevents public access to files by default |
| Temporary URL | Enabled via pre-signed URLs | Provides time-limited secure access |
| Lifecycle Policy | Enabled | Automatically manages file expiration |
Step-by-Step Setup Guide
- Open AWS Console → Navigate to S3 Service
- Click "Create Bucket"
- Enter Bucket Name: `majisimpleb`
- Select Region: `ap-south-1` (Asia Pacific - Mumbai)
- Uncheck "Block All Public Access" (for pre-signed URLs)
- Enable Bucket Versioning (recommended for file recovery)
- Click Create Bucket to finalize
- Configure Bucket Policies and IAM Roles to restrict access
2.2 Amazon DynamoDB Table Setup
The DynamoDB table stores file metadata, allowing secure tracking of files, managing expiration policies, and generating download statistics.
Configuration Details
| Setting | Value | Purpose |
|---|---|---|
| Table Name | `lambda` | Stores metadata for uploaded files |
| Partition Key | `id` (String) | Unique identifier for each file |
| Capacity Mode | On-Demand | Automatically scales read/write capacity |
| Encryption | AWS Managed Key (KMS) | Ensures data encryption at rest |
| Backup | Point-in-Time Recovery | Enables data restoration for 35 days |
Data Stored in DynamoDB
| Field | Type | Description |
|---|---|---|
| `id` | String | Unique file identifier |
| `original_filename` | String | Actual name of the uploaded file |
| `upload_timestamp` | String | Exact time the file was uploaded |
| `expiration_time` | String | When the file should expire and be deleted |
| `s3_object_reference` | String | Direct reference to S3 object key |
| `download_count` | Number | Tracks download frequency |
Step-by-Step Setup Guide
- Open AWS Console → Navigate to DynamoDB Service
- Click Create Table
- Configure basic settings:
  - Table Name: `lambda`
  - Partition Key: `id` (String)
- Under Capacity Mode, select On-Demand
- Enable Encryption using AWS Managed Key (KMS)
- Turn on Point-in-Time Recovery for backups
- Click Create Table to finalize
2.3 IAM Policies and Roles
The IAM Role ensures secure interaction between AWS Lambda, S3, and DynamoDB following the least privilege principle.
Configuration Details
| Setting | Value | Purpose |
|---|---|---|
| Execution Role | `AWSLambdaBasicExecutionRole` | Base role for Lambda to run securely |
| Managed Policy #1 | `AmazonS3FullAccess` | Allows Lambda to read/write S3 objects |
| Managed Policy #2 | `AmazonDynamoDBFullAccess` | Allows Lambda CRUD operations on DynamoDB |
Purpose of IAM Role
| Component | Access Granted | Why It's Needed |
|---|---|---|
| Lambda → S3 | Read / Write | Upload, retrieve, and delete files in bucket |
| Lambda → DynamoDB | Full CRUD Operations | Manage file metadata efficiently |
| Lambda → CloudWatch | Logs & Monitoring | Monitor execution and debug errors |
Step-by-Step Setup Guide
- Open AWS Console → Navigate to IAM Service
- Click Roles → Create Role
- Choose Trusted Entity: AWS Service → Select Lambda
- Attach Managed Policies:
  - `AWSLambdaBasicExecutionRole` (for logging)
  - `AmazonS3FullAccess` (for S3 operations)
  - `AmazonDynamoDBFullAccess` (for DynamoDB access)
- Review and Create Role
- Assign this role to your Lambda function
🔄 Application Workflow
| Step | Action | AWS Service | Outcome |
|---|---|---|---|
| 1️⃣ | User Interface | Web App (HTML, CSS, JS) | User selects file using secure web form |
| 2️⃣ | Lambda Trigger | AWS Lambda | API Gateway sends file data to Lambda |
| 3️⃣ | S3 Storage | Amazon S3 | File stored securely with unique identifier |
| 4️⃣ | Metadata Recording | Amazon DynamoDB | File details saved in database |
| 5️⃣ | URL Generation | AWS Lambda + S3 | Pre-signed URL generated with 1-hour expiration |
| 6️⃣ | User Feedback | API Gateway → Web App | User receives success message with download link |
🛡️ Security Features
Access Control
- 🧑💻 IAM Roles with least privilege
- 🚫 No Public S3 Access by default
- 🗂 Granular DynamoDB Policies
Data Protection
- ⏳ Temporary URLs with expiration
- 🔒 No Persistent Public Links
- 🗄 Secure Metadata Storage
Monitoring & Logging
- 📂 S3 Access Logs
- 🔍 DynamoDB Query Logs
- 📊 CloudWatch Monitoring
Temporary URL Mechanism
Secure file sharing using pre-signed S3 URLs with 1-hour expiration:
| Feature | Purpose |
|---|---|
| ⏳ 1-Hour Expiration | Limits link validity to prevent unauthorized access |
| 🔒 No Public Access | Files remain private inside S3 bucket |
| 🚀 Secure Sharing | Shareable only via temporary Lambda-generated links |
| ♻️ Auto Cleanup | Expired links and files automatically removed |
🚀 Deployment Steps
6.1 Infrastructure Setup
Create S3 Bucket
Create DynamoDB Table
```bash
# On-demand table keyed on the string attribute "id"
aws dynamodb create-table \
  --table-name lambda \
  --attribute-definitions AttributeName=id,AttributeType=S \
  --key-schema AttributeName=id,KeyType=HASH \
  --billing-mode PAY_PER_REQUEST
```
6.2 IAM Role Configuration
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject"
      ],
      "Resource": "arn:aws:s3:::majisimpleb/*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "dynamodb:PutItem",
        "dynamodb:GetItem",
        "dynamodb:UpdateItem",
        "dynamodb:DeleteItem"
      ],
      "Resource": "arn:aws:dynamodb:ap-south-1:*:table/lambda"
    }
  ]
}
```
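Section 2.3 attaches `AmazonS3FullAccess` and `AmazonDynamoDBFullAccess`, while the policy above names individual actions on one bucket and one table. The checker below is an added example, not part of the project: `audit_policy` is a hypothetical helper and `BROAD` is a constructed policy in the style of service-wide full access, compared against the scoped policy from this section.

```python
def _as_list(value):
    """IAM allows a single string or a list for Action and Resource."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)

def audit_policy(policy):
    """Return findings for Allow statements broader than named actions on named resources."""
    findings = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action")):
            if action == "*" or action.endswith(":*"):
                findings.append(f"Statement[{i}]: wildcard action {action}")
        for arn in _as_list(stmt.get("Resource")):
            fields = arn.split(":", 5)  # arn:partition:service:region:account:resource
            if arn == "*":
                findings.append(f"Statement[{i}]: applies to every resource")
            elif len(fields) == 6 and fields[4] == "*":
                findings.append(f"Statement[{i}]: account ID is a wildcard in {arn}")
    return findings

# Constructed policy in the style of attaching service-wide full access.
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:*", "dynamodb:*"], "Resource": "*"}]}

# The scoped policy from section 6.2 of this page.
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow",
     "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"],
     "Resource": "arn:aws:s3:::majisimpleb/*"},
    {"Effect": "Allow",
     "Action": ["dynamodb:PutItem", "dynamodb:GetItem",
                "dynamodb:UpdateItem", "dynamodb:DeleteItem"],
     "Resource": "arn:aws:dynamodb:ap-south-1:*:table/lambda"}]}
```

The scoped policy produces a single finding, the `*` in the account field of the DynamoDB ARN, which can be closed by writing the account ID in place of the wildcard.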
6.3 Lambda Function Deployment
Configuration
| Setting | Value / Description |
|---|---|
| Runtime | Python 3.9 / Node.js 16.x |
| Handler | Processes upload events from API Gateway |
| Environment Variables | `S3_BUCKET=majisimpleb`, `DYNAMODB_TABLE=lambda`, `URL_EXPIRATION=3600` (1 hour) |
Lambda File Overview: Contains main logic for file validation, S3 storage, DynamoDB metadata recording, and pre-signed URL generation.
📦 Usage Instructions
- Access the Upload Portal - Open the web interface in your browser
- Select File - Choose the file to upload using the file picker
- Initiate Upload - Click the "Upload File" button
- Receive Link - Copy the temporary download link after successful upload
- Share Securely - Distribute the link only with intended recipients
Note: Download links automatically expire after 1 hour for security.
💰 Cost Optimization
- Pay-per-use Pricing: Only pay for actual service usage
- Serverless Architecture: No idle resource costs
- Automatic Scaling: Handles varying workloads seamlessly
- Zero Maintenance: No need to manage servers or infrastructure
📝 Project Summary
The Sacred Temple File Uploader is a secure, scalable, and fully serverless file upload solution built on AWS. It showcases modern cloud architecture patterns, including:
- Event-driven processing: AWS Lambda handles uploads automatically
- Managed services: S3 for storage and DynamoDB for metadata ensure reliability
- Secure access: IAM policies enforce least-privilege access
- Cost-efficiency: Pay-per-use model with automatic scaling
By combining S3, Lambda, DynamoDB, and IAM, this solution provides a highly available, maintainable, and secure file upload service without server management.
Best Practices Implemented:
- Proper security configurations
- Error handling and logging
- Cost optimization strategies
- Seamless user experience for secure file sharing
