Menu
I'm following this tutorial to implement generate thumbnail on fly with s3 and lambda. I'm stuck on redirect non-exist request to lambda
My s3 bucket is private, and I use pre-signed url with Cognito idtoken to access its content, it works.
Now if I make a request to a thumbnail that hasn't been generated(not exist in s3), I want s3 to redirect the request to lambda. I can not figure out how to do this.
here is the s3 routeing roles
<RoutingRules>
<RoutingRule>
<Condition>
<KeyPrefixEquals/>
<HttpErrorCodeReturnedEquals>404</HttpErrorCodeReturnedEquals>
</Condition>
<Redirect>
<Protocol>https</Protocol>
<HostName>MY_LAMBDA_DOMAIN</HostName>
<ReplaceKeyPrefixWith>dev/photos?key=</ReplaceKeyPrefixWith>
<HttpRedirectCode>307</HttpRedirectCode>
</Redirect>
when I access a non-exist thumbnail with pre-signed URL, it gives me 403 error, so I try to pre-signed the url with s3 end point
const s3 = new AWS.S3({endpoint: 'http://s3-website.us-east-2.amazonaws.com'})
s3.getSignedUrl('getObject', {
Bucket: BUCKET,
Key: 'userId/test-thumb.jpg',
Expires: signedUrlExpireSeconds
})
this time it give me 404 and error message and still not redirect request to lambda
I notice that in the tutorial I mentioned above, it use public s3 bucket. I'm not sure is it possible to implement this solution in a private bucket.
Does it has anything to do with s3 policy? currently no policy is attached to my private bucket
Any suggestion will be appreciated, thanks
577
Amazon S3 can send an event to a Lambda function when an object is created or deleted. You configure notification settings on a bucket, and grant Amazon S3 permission to invoke a function on the function's resource-based permissions policy.
Add below Bucket Access policy to the IAM Role created in Destination account. Lambda function will assume the Role of Destination IAM Role and copy the S3 object from Source bucket to Destination. In the Lambda console, choose Create a Lambda function. Directly move to configure function.
API Gateway sets the s3-host-name and passes the client specified bucket and key from the client to Amazon S3. (Optional) In Path override type /. Copy the previously created IAM role's ARN (from the IAM console) and paste it into Execution role. Leave any other settings as default.
There is no way to do what you are trying using S3 alone. S3 doesn't allow redirection based on rules.
What you could do is try to achieve this using Cloudfront and Lambda@Edge.
You could look at the example of redirecting here: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-examples.html
Basically, set up S3 as the Cloudfront backend, and then look at the example: "Example: Using an Origin-Response Trigger to Update the Error Status Code to 302-Found". This allows you to catch a 403 of 404 response, and then redirect on demand to another URL, like you Lambda function.
75
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
