by PetahNZ 2770 days ago
There are a few options, such as using AWS Cognito, or signed requests. I personally use signed requests, which allow you to specify where and what type of files are allowed to be uploaded. First the user asks my server for a policy and signature, then uploads directly to S3, then sends another request to my server when done. My server will then verify and process the uploaded files.

Likewise, requests can also be signed so you can implement rate limiting on your side, and just allow S3 to serve the payload. Or you can do things like use CloudFront to serve the objects, which can use various methods of authentication such as signed cookies, or Lambda functions.

Headers can be set in the S3 object metadata.


Thanks for the explanation. Follow-up question: how did you implement the signed cookies part?
Use the AWS SDK to generate credentials on your server, and pass the returned creds to your frontend. The request to generate the credentials allows you to lock down the size and type of file. They can go directly into a form or be used in JavaScript. Lots of GitHub libs and Stack Overflow answers go into more detail. https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-UsingH...
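The flow both replies describe (server issues a policy and signature that pin bucket, key prefix, content type and size; the browser posts straight to S3; the secret never reaches the client), as an added example that is not code from either commenter. The bucket, key prefix, access key, secret and fixed clock are constructed placeholders; the policy layout follows the S3 POST policy format that the linked SigV4 document covers.

```python
import base64, hashlib, hmac, json
from datetime import datetime, timedelta

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def signing_key(secret: str, date: str, region: str, service: str = "s3") -> bytes:
    # SigV4 key derivation: kSecret -> kDate -> kRegion -> kService -> kSigning
    k = _hmac(("AWS4" + secret).encode(), date)
    k = _hmac(k, region)
    k = _hmac(k, service)
    return _hmac(k, "aws4_request")

def build_presigned_post(bucket, key_prefix, access_key, secret, region, now,
                         max_bytes=5 * 1024 * 1024, content_type_prefix="image/",
                         ttl=timedelta(minutes=5)):
    """Form fields the browser must POST to S3 with the file. The policy pins
    where (bucket/key prefix), what (Content-Type) and how big (length range)."""
    date = now.strftime("%Y%m%d")
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    credential = f"{access_key}/{date}/{region}/s3/aws4_request"
    policy = {"expiration": (now + ttl).strftime("%Y-%m-%dT%H:%M:%SZ"),
              "conditions": [{"bucket": bucket},
                             ["starts-with", "$key", key_prefix],
                             ["starts-with", "$Content-Type", content_type_prefix],
                             ["content-length-range", 1, max_bytes],
                             {"x-amz-algorithm": "AWS4-HMAC-SHA256"},
                             {"x-amz-credential": credential},
                             {"x-amz-date": amz_date}]}
    policy_b64 = base64.b64encode(json.dumps(policy).encode()).decode()
    sig = hmac.new(signing_key(secret, date, region), policy_b64.encode(),
                   hashlib.sha256).hexdigest()
    return {"key": key_prefix + "${filename}", "x-amz-algorithm": "AWS4-HMAC-SHA256",
            "x-amz-credential": credential, "x-amz-date": amz_date,
            "policy": policy_b64, "x-amz-signature": sig}

def verify_post_signature(fields, secret, region) -> bool:
    """What S3 does on receipt: re-derive the key from the credential scope and
    recompute; any edit to the base64 policy (say, a bigger size limit) fails."""
    date = fields["x-amz-credential"].split("/")[1]
    expected = hmac.new(signing_key(secret, date, region),
                        fields["policy"].encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, fields["x-amz-signature"])

def decode_policy(fields) -> dict:
    return json.loads(base64.b64decode(fields["policy"]))

def demo_fields() -> dict:
    # Constructed placeholder credentials and a fixed clock for a reproducible run
    return build_presigned_post("example-uploads", "uploads/user-42/", "AKIAEXAMPLE",
                                "SECRETEXAMPLE", "us-east-1", datetime(2024, 1, 1, 12))
```

Every form field the client sends (other than `file`, `policy` and `x-amz-signature`) must be covered by a condition, or S3 rejects the POST; `${filename}` in `key` is the S3 form convention for substituting the uploaded file's name under the pinned prefix.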