Skip to content
Avatar of vercelvercel/examples

AWS S3 Image Upload

Use AWS S3 to upload images to a bucket from a Next.js application.

Framework
Use Case
CSS
Database
AWS S3 Logo

Next.js + AWS S3 Upload

This is an example of a Next.js application allowing you to upload photos to an S3 bucket.

How to Use

Option 1: Use an existing S3 bucket.

Retrieve your existing access key, secret key, S3 bucket region and name. Provide those values after clicking "Deploy" to automatically set the environment variables.

Deploy with Vercel

Option 2: Create an S3 bucket.

Execute create-next-app with pnpm to bootstrap the example:

pnpm create next-app --example https://github.com/vercel/examples/tree/main/solutions/aws-s3-image-upload
  1. Create a new S3 Bucket.
    1. In Object Ownership, select "ACLs enabled" and "Bucket owner prefered"
    2. In Block Public Access settings for this bucket, uncheck "Block all public access".
  2. Create a new IAM User.
    1. Select "Attach policies directly".
    2. Add s3:DeleteObject, s3:GetObject, s3:ListBucket, s3:PutObject, s3:PutObjectAcl
  3. Save the access key and secret key for the IAM User.
    1. Select the newly created user (IAM > Users > "your-user") and navigate to "Security Credentials".
    2. Under "Access Keys", create a key and save this information. We will use this in the next step.
  4. Create an .env.local file similar to .env.example.
    1. In your env.local file, use the information from your access key, along with the region and bucket name.
    2. Do not adjust the naming of the keys, only input your values. This is to ensure S3 Client can read them as defaults.
  5. Configure CORS to enable uploads from your browser.
    1. Navigate to your bucket, and go to the "Permissions" tab.
    2. Scroll down to find "Cross-origin resource sharing (CORS)" and click "Edit" on the right side.
    3. Paste the following code below.
    [
    {
    "AllowedHeaders": [
    "*"
    ],
    "AllowedMethods": [
    "GET",
    "PUT",
    "POST",
    "DELETE"
    ],
    "AllowedOrigins": [
    "*"
    ],
    "ExposeHeaders": []
    }
    ]
  6. Run pnpm dev or npm run dev to start the Next.js app at http://localhost:3000.
  7. Choose a .png or .jpg file.
  8. You should see your file successfully uploaded to S3.

This example uses createPresignedPost instead of getSignedUrlPromise to allow setting max/min file sizes with content-length-range.

Deploy it to the cloud with Vercel (Documentation).

Credentials and Environment Variables

AWS credentials (e.g. AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY) and region configuration (e.g. AWS_REGION) can now be used directly as environment variables for Vercel deployments.

These variables are the default names expected by the AWS SDK, which means the user no longer has to configure credentials when using it. For example, this code is no longer necessary:

const s3 = new S3Client({
accessKeyId: process.env.ACCESS_KEY,
secretAccessKey: process.env.SECRET_ACCESS_KEY,
region: process.env.REGION,
})

Instead, it can be replaced with this:

const client = new S3Client({ region: process.env.AWS_REGION });

Source: AWS Environment Variable Default “Load Credential”

The SDK will pick up the credentials from the environment automatically.

Commands

  • pnpm dev or npm run dev – Starts the Next.js app at localhost:3000.

Additional Resources

AWS Environment Variables

  • AWS Environment Variables: https://docs.aws.amazon.com/sdkref/latest/guide/settings-reference.html
  • AWS Environment Variable Default “Load Credential”: https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html

AWS SDK - Presigned Post

  • How to use PresignedPost URLs (this example includes adding user id as metadata): https://advancedweb.hu/how-to-use-s3-post-signed-urls/
  • AWS SDK v3 - S3Client Initalization (see Usage): https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-s3/index.html
  • AWS SDK - Generate a Presigned Post: https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/modules/_aws_sdk_s3_presigned_post.html#generate-a-presigned-post
  • AWS S3 POST Policy - Condition Matching (only allow images): https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-HTTPPOSTConstructPolicy.html
  • AWS ACL Permissions: https://stackoverflow.com/a/70550540/19416953
AWS S3 Logo
Avatar of vercelvercel/examples

AWS S3 Image Upload

Use AWS S3 to upload images to a bucket from a Next.js application.

Framework
Use Case
CSS
Database

Next.js + AWS S3 Upload

This is an example of a Next.js application allowing you to upload photos to an S3 bucket.

How to Use

Option 1: Use an existing S3 bucket.

Retrieve your existing access key, secret key, S3 bucket region and name. Provide those values after clicking "Deploy" to automatically set the environment variables.

Deploy with Vercel

Option 2: Create an S3 bucket.

Execute create-next-app with pnpm to bootstrap the example:

pnpm create next-app --example https://github.com/vercel/examples/tree/main/solutions/aws-s3-image-upload
  1. Create a new S3 Bucket.
    1. In Object Ownership, select "ACLs enabled" and "Bucket owner prefered"
    2. In Block Public Access settings for this bucket, uncheck "Block all public access".
  2. Create a new IAM User.
    1. Select "Attach policies directly".
    2. Add s3:DeleteObject, s3:GetObject, s3:ListBucket, s3:PutObject, s3:PutObjectAcl
  3. Save the access key and secret key for the IAM User.
    1. Select the newly created user (IAM > Users > "your-user") and navigate to "Security Credentials".
    2. Under "Access Keys", create a key and save this information. We will use this in the next step.
  4. Create an .env.local file similar to .env.example.
    1. In your env.local file, use the information from your access key, along with the region and bucket name.
    2. Do not adjust the naming of the keys, only input your values. This is to ensure S3 Client can read them as defaults.
  5. Configure CORS to enable uploads from your browser.
    1. Navigate to your bucket, and go to the "Permissions" tab.
    2. Scroll down to find "Cross-origin resource sharing (CORS)" and click "Edit" on the right side.
    3. Paste the following code below.
    [
    {
    "AllowedHeaders": [
    "*"
    ],
    "AllowedMethods": [
    "GET",
    "PUT",
    "POST",
    "DELETE"
    ],
    "AllowedOrigins": [
    "*"
    ],
    "ExposeHeaders": []
    }
    ]
  6. Run pnpm dev or npm run dev to start the Next.js app at http://localhost:3000.
  7. Choose a .png or .jpg file.
  8. You should see your file successfully uploaded to S3.

This example uses createPresignedPost instead of getSignedUrlPromise to allow setting max/min file sizes with content-length-range.

Deploy it to the cloud with Vercel (Documentation).

Credentials and Environment Variables

AWS credentials (e.g. AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY) and region configuration (e.g. AWS_REGION) can now be used directly as environment variables for Vercel deployments.

These variables are the default names expected by the AWS SDK, which means the user no longer has to configure credentials when using it. For example, this code is no longer necessary:

const s3 = new S3Client({
accessKeyId: process.env.ACCESS_KEY,
secretAccessKey: process.env.SECRET_ACCESS_KEY,
region: process.env.REGION,
})

Instead, it can be replaced with this:

const client = new S3Client({ region: process.env.AWS_REGION });

Source: AWS Environment Variable Default “Load Credential”

The SDK will pick up the credentials from the environment automatically.

Commands

  • pnpm dev or npm run dev – Starts the Next.js app at localhost:3000.

Additional Resources

AWS Environment Variables

  • AWS Environment Variables: https://docs.aws.amazon.com/sdkref/latest/guide/settings-reference.html
  • AWS Environment Variable Default “Load Credential”: https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html

AWS SDK - Presigned Post

  • How to use PresignedPost URLs (this example includes adding user id as metadata): https://advancedweb.hu/how-to-use-s3-post-signed-urls/
  • AWS SDK v3 - S3Client Initalization (see Usage): https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/clients/client-s3/index.html
  • AWS SDK - Generate a Presigned Post: https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/modules/_aws_sdk_s3_presigned_post.html#generate-a-presigned-post
  • AWS S3 POST Policy - Condition Matching (only allow images): https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-HTTPPOSTConstructPolicy.html
  • AWS ACL Permissions: https://stackoverflow.com/a/70550540/19416953

Unleash New Possibilities

Deploy your app on Vercel and unlock its full potential