Ultra-simple serverless file storage with just 3 files!
- AWS Account
- 10-15 minutes
- Go to S3 Console: https://console.aws.amazon.com/s3/
- Click "Create bucket"
- Bucket name: `vaultbox-akash` ✅ (already filled in)
- Region: Asia Pacific (Sydney) ap-southeast-2 ✅ (already selected)
- Settings:
  - ✅ Block all public access (keep default)
  - ✅ Enable versioning
  - ✅ Enable server-side encryption (AES-256)
- Click "Create bucket"

📝 Note down: vaultbox-akash
- Go to DynamoDB Console: https://console.aws.amazon.com/dynamodb/
- Click "Create table"
- Table name: `vaultbox-files`
- Partition key: `userId` (String)
- Sort key: `fileId` (String)
- Settings: Use default settings (On-demand billing)
- Click "Create table"

📝 Note down: Your table name (vaultbox-files)
- Go to Cognito Console: https://console.aws.amazon.com/cognito/
- Click "Create user pool"
- Step 1 - Configure sign-in experience:
  - ✅ Email
  - ✅ Username
- Step 2 - Configure security requirements:
  - Password policy: Use defaults
  - MFA: No MFA (for simplicity)
- Step 3 - Configure sign-up experience:
  - ✅ Enable self-registration
  - Required attributes: Email
- Step 4 - Configure message delivery:
  - Email: Send email with Cognito (for testing)
- Step 5 - Integrate your app:
  - User pool name: `vaultbox-users`
  - App client name: `vaultbox-web`
  - ❌ Generate client secret: NO (uncheck this)
- Click "Create user pool"

📝 Note down:
- User Pool ID (e.g., `us-east-1_xxxxxxxxx`)
- App Client ID (e.g., `xxxxxxxxxxxxxxxxxxxxxxxxxx`)
- Go to Lambda Console: https://console.aws.amazon.com/lambda/
- Click "Create function"
- Function name: `vaultbox-backend`
- Runtime: `Python 3.11`
- Architecture: `x86_64`
- Click "Create function"
- In the Code tab, delete the default code
- Copy and paste the entire content from your `lambda_function.py` file
- Click "Deploy"
- Go to Configuration tab → Environment variables
- Click "Edit"
- Add these variables:
  - `S3_BUCKET_NAME`: `vaultbox-akash`
  - `DYNAMODB_TABLE_NAME`: `vaultbox-files`
- Click "Save"
- Go to Configuration tab → Permissions
- Click on the execution role name (opens IAM)
- Click "Add permissions" → "Attach policies"
- Search and select these policies:
  - `AmazonS3FullAccess`
  - `AmazonDynamoDBFullAccess`
- Click "Add permissions"

📝 Note down: Your Lambda function ARN
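
The two managed policies attached above allow all S3 and DynamoDB actions on all buckets and tables in the account. As an added example (not part of the original guide or its `lambda_function.py`), this inline policy for the execution role is scoped to this guide's bucket and table, assuming the function only puts, gets and deletes objects and only puts, gets, queries and deletes items. `REGION` and `ACCOUNT_ID` are placeholders for the table's region and your account number.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VaultboxObjects",
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject"
      ],
      "Resource": "arn:aws:s3:::vaultbox-akash/*"
    },
    {
      "Sid": "VaultboxMetadata",
      "Effect": "Allow",
      "Action": [
        "dynamodb:PutItem",
        "dynamodb:GetItem",
        "dynamodb:Query",
        "dynamodb:DeleteItem"
      ],
      "Resource": "arn:aws:dynamodb:REGION:ACCOUNT_ID:table/vaultbox-files"
    }
  ]
}
```

If the function calls an action outside this list, the call fails with AccessDenied in its CloudWatch logs; add only that action to the matching statement.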
- Go to API Gateway Console: https://console.aws.amazon.com/apigateway/
- Click "Create API"
- Choose "REST API" → "Build"
- API name: `vaultbox-api`
- Endpoint Type: Regional
- Click "Create API"
- Click "Authorizers"
- Click "Create New Authorizer"
- Name: `cognito-auth`
- Type: Cognito
- Cognito User Pool: Select your user pool from step 3
- Token Source: Authorization
- Click "Create"
- Click "Resources"
- Click "Actions" → "Create Resource"
- Resource Name: `files`
- Resource Path: `/files`
- ✅ Enable API Gateway CORS
- Click "Create Resource"
- Select `/files` resource
- Click "Actions" → "Create Method" → "POST"
- Integration type: Lambda Function
- Lambda Function: Select your `vaultbox-backend` function
- Click "Save" → "OK"
- Click on POST method
- Click "Method Request"
- Authorization: Select your Cognito authorizer
- Click the checkmark to save
- Select `/files` resource
- Click "Actions" → "Create Method" → "GET"
- Integration type: Lambda Function
- Lambda Function: Select your `vaultbox-backend` function
- Authorization: Select your Cognito authorizer
- Click "Save"
- Select `/files` resource
- Click "Actions" → "Create Resource"
- Resource Name: `File Operations`
- Resource Path: `{fileId}`
- ✅ Enable API Gateway CORS
- Click "Create Resource"
- Select `/{fileId}` resource
- Click "Actions" → "Create Method" → "GET"
- Integration type: Lambda Function
- Lambda Function: Select your `vaultbox-backend` function
- Authorization: Select your Cognito authorizer
- Click "Save"
- Select `/{fileId}` resource
- Click "Actions" → "Create Method" → "DELETE"
- Integration type: Lambda Function
- Lambda Function: Select your `vaultbox-backend` function
- Authorization: Select your Cognito authorizer
- Click "Save"
- Click "Actions" → "Deploy API"
- Deployment stage: `[New Stage]`
- Stage name: `prod`
- Click "Deploy"

📝 Note down: Your API Gateway URL (e.g., https://xxxxxxxxxx.execute-api.us-east-1.amazonaws.com/prod)
- Go back to Cognito Console
- Select your user pool
- Go to "App integration" tab
- Click on your app client
- Click "Edit" under "Hosted UI"
- Settings:
  - Allowed callback URLs: `http://localhost:3000` (for testing)
  - Allowed sign-out URLs: `http://localhost:3000`
  - OAuth 2.0 grant types: ✅ Authorization code grant
  - OpenID Connect scopes: ✅ Email, ✅ OpenID, ✅ Profile
- Click "Save changes"

📝 Note down: Your Cognito domain URL
- Open your `index.html` file
- Update these values:

```javascript
// Replace with your actual values
const API_URL = 'https://YOUR-API-ID.execute-api.us-east-1.amazonaws.com/prod/files';
const COGNITO_DOMAIN = 'https://your-domain.auth.us-east-1.amazoncognito.com';
const CLIENT_ID = 'your-cognito-client-id';
const REDIRECT_URI = 'http://localhost:3000';
```

- Serve your HTML file:

```bash
# Simple Python server
python -m http.server 3000
```

- Open browser: `http://localhost:3000`
- Test flow:
  - Click sign in → Should redirect to Cognito
  - Create account → Verify email
  - Sign in → Should redirect back with token
  - Upload file → Should work
  - Download file → Should work
  - Delete file → Should work

Your VaultBox is now live with:
- ✅ Secure file upload/download
- ✅ User authentication via Cognito
- ✅ Serverless auto-scaling
- ✅ Encrypted storage in S3
- ✅ Fast metadata in DynamoDB

Common Issues:
- CORS Error: Enable CORS in API Gateway for all methods
- 403 Error: Check Cognito authorizer is attached to methods
- Lambda Error: Check CloudWatch logs in Lambda console
- File Upload Fails: Verify S3 bucket permissions in Lambda role
View logs and metrics:
- Lambda: CloudWatch logs automatically created
- API Gateway: Built-in monitoring dashboard
- S3: Storage metrics in S3 console
- DynamoDB: Performance metrics in DynamoDB console

- Total Setup Time: ~15 minutes
- Total Code: 3 files, ~150 lines
- Monthly Cost: Nearly free for development/testing!