[krallin]

Lots of very useful tips there!

There's one that I think could be improved on a little:

    Uploads should go direct to S3 (don't store on local filesystem and have another process move to S3 for example). 

You could even use a temporary URL[0,1] and have the user upload directly to S3!

[0]: http://stackoverflow.com/questions/10044151/how-to-generate-... [1]: http://docs.aws.amazon.com/AmazonS3/latest/dev/PresignedUrlU...

[jaibot]

I have a desktop client that requests one-time upload URLs from my server via an API. Later they get downloaded and processed somewhere else - never actually touching my web server.

[Jach]

Even cooler I think if you need a lot of file uploads (and potentially organized into their own folders) is letting your customer connect to a WebDAV interface with their system file browser, then they can just drag and drop whatever. (https://code.google.com/r/1meref-sabredav-amazons3/)

[richadams]

Wow, didn't know about pre-signed URLs, very useful. I've added this info to my article, thanks!

[toomuchtodo]

I've always seen issues pushing objects directly to S3 from a browser using CORS. YMMV.

[ceejayoz]

You can specify CORS headers for S3, or you can just use a standard form POST.

[toomuchtodo]

You still need a stub API for generating the signature to sign the upload requests to S3, correct?

[ceejayoz]

Not technically, but generally in practice. You can open things up permissions-wise but run the risk of folks uploading lots of large files. Keeping permissions locked down and doing a signature allows things like file size, location, etc. restrictions.