I’m thinking something like this…
Currently we have the client request a signed URL (using API GW & Lambda). It then directly uploads the file to S3 and makes another call (API GW -> Lambda -> DynamoDB) to store information about the upload. This works for us because we need a lot more information than just a file being uploaded.
We’re doing the same as Buggy.
Client requests an S3.PresignedPost via APIG => Lambda which uploads directly to S3.
Then posts upload-related details via APIG => Lambda => DynamoDB.
I get a presigned URL via AWS IoT + Lambda since my headless device is identified via a certificate instead of an AWS user ID. Another PUBLISH is used to load the metadata into DynamoDB. When I generate the pre-signed URL I put the CognitoID of the human owner in the file’s path.