Cloud-Based File Sharing System
Built a secure, serverless file sharing system using S3, API Gateway, and Lambda for a mid-size company. Enabled internal teams and external clients to exchange documents using pre-signed URLs and role-based access.
7/16/2025


Introduction
Sharing files across teams, departments, and clients is a fundamental business need — but doing it through email attachments, unsecured drives, or third-party apps can quickly lead to security risks and versioning chaos.
To solve this for a mid-size company, I designed and deployed a cloud-native file sharing system using AWS. The goal was simple: provide a secure, scalable, and centralized platform for uploading and accessing files — without ever managing a server.
This serverless solution replaced outdated methods with automation, fine-grained access control, and user-friendly tools — all powered by AWS.
Project Goals
Enable secure file sharing between internal teams and external clients
Automate upload and download link generation
Ensure access control, encryption, and activity logging
Build a lightweight UI to facilitate collaboration
Eliminate file size limitations and operational overhead
Frontend (User Interface)
I built a simple web interface using HTML/CSS and basic JavaScript, hosted via Amazon S3 + CloudFront. Users could:
Select a file to upload
Choose a recipient or folder/project
Receive a download link
View previously shared files (via a list fetched from S3 metadata or DynamoDB)
While internal users accessed the full dashboard, external clients received pre-signed download links for limited-time access.
Backend (File Management Logic)
The backend was built entirely using AWS Lambda, orchestrated via Amazon API Gateway.
Key Lambda functions:
generateUploadLink: Returns a pre-signed S3 PUT URL to upload files
generateDownloadLink: Returns a pre-signed S3 GET URL for secure download
logTransfer: Stores audit info (who sent what and when) in CloudWatch Logs or optionally in DynamoDB
These Lambda functions enforce access rules and log every interaction.
Storage & Permissions
Files are stored in a centralized Amazon S3 bucket, organized by:
Department or team
Project or client name
Date or file type
Access is controlled by:
IAM roles for internal users
Pre-signed URLs for external recipients (time-limited and operation-scoped)
Bucket policies to enforce encryption and block public access
Lifecycle rules automatically delete older files after a defined period.
Security Measures
Security was a core design priority:
S3 encryption at rest (SSE-S3) and in transit (SSL)
Pre-signed URLs allow only specific actions (GET/PUT) and expire in minutes
IAM roles follow least privilege principles
CORS policy enforces safe frontend-backend interaction
All actions logged to CloudWatch for auditing and debugging
Optional: CloudTrail could be added for full compliance-grade logging.
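Why a pre-signed URL is operation-scoped and time-limited, shown as an added example (not code from this project): a standard-library reimplementation of SigV4 query signing plus a simplified model of the service-side check. In a Lambda function the AWS SDK does the signing; the bucket name, object key, and function names here are assumptions made for illustration.

```python
import hashlib, hmac
from datetime import datetime, timedelta, timezone
from urllib.parse import quote

ALGO, FMT = "AWS4-HMAC-SHA256", "%Y%m%dT%H%M%SZ"

def sign(method, host, key, query, secret, region):
    """SigV4 query signature: covers the HTTP method, object key and every query parameter."""
    day = query["X-Amz-Date"][:8]
    cq = "&".join(f"{quote(k, safe='')}={quote(v, safe='')}" for k, v in sorted(query.items()))
    creq = "\n".join([method, "/" + quote(key, safe="/"), cq, f"host:{host}\n", "host", "UNSIGNED-PAYLOAD"])
    sts = "\n".join([ALGO, query["X-Amz-Date"], f"{day}/{region}/s3/aws4_request",
                     hashlib.sha256(creq.encode()).hexdigest()])
    k = ("AWS4" + secret).encode()
    for part in (day, region, "s3", "aws4_request"):   # derive the per-day, per-region signing key
        k = hmac.new(k, part.encode(), hashlib.sha256).digest()
    return hmac.new(k, sts.encode(), hashlib.sha256).hexdigest()

def presign(method, bucket, key, access_key, secret, region, now, expires_s):
    """What a link-generating function hands back, returned here as host + query parameters."""
    host = f"{bucket}.s3.{region}.amazonaws.com"
    query = {"X-Amz-Algorithm": ALGO,
             "X-Amz-Credential": f"{access_key}/{now:%Y%m%d}/{region}/s3/aws4_request",
             "X-Amz-Date": now.strftime(FMT), "X-Amz-Expires": str(expires_s),
             "X-Amz-SignedHeaders": "host"}
    query["X-Amz-Signature"] = sign(method, host, key, query, secret, region)
    return host, query

def accepted(method, host, key, query, secret, region, now):
    """Simplified model of the service-side check: expiry window, then signature recomputation."""
    q = dict(query)
    sig = q.pop("X-Amz-Signature")
    issued = datetime.strptime(q["X-Amz-Date"], FMT).replace(tzinfo=timezone.utc)
    if now >= issued + timedelta(seconds=int(q["X-Amz-Expires"])):
        return False
    return hmac.compare_digest(sig, sign(method, host, key, q, secret, region))

# Constructed sample values; the credentials are the AWS documentation placeholders.
AK, SK, REGION = "AKIAIOSFODNN7EXAMPLE", "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY", "us-east-1"
KEY, NOW = "clients/acme/invoice.pdf", datetime(2025, 7, 16, 12, 0, tzinfo=timezone.utc)
HOST, Q = presign("GET", "example-share-bucket", KEY, AK, SK, REGION, NOW, 300)

if __name__ == "__main__":
    later = NOW + timedelta(seconds=60)
    print("GET within 5 min:", accepted("GET", HOST, KEY, Q, SK, REGION, later))
    print("PUT with same URL:", accepted("PUT", HOST, KEY, Q, SK, REGION, later))
    print("GET after expiry:", accepted("GET", HOST, KEY, Q, SK, REGION, NOW + timedelta(seconds=301)))
```

Because the method, key and `X-Amz-Expires` are all inside the signed data, changing any of them invalidates the link. Within its window the URL is a bearer credential, so anyone holding it can use it, which is why the short expiry and the transfer log matter.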
Infrastructure as Code (AWS CDK)
I used AWS CDK to define and deploy the entire stack:
S3 bucket with lifecycle and encryption rules
API Gateway with REST endpoints
Lambda functions and permissions
CloudFront distribution for UI
IAM roles and policies
CDK makes it easy to replicate this for other departments or business units.
Real-World Use Case
This solution was deployed for a mid-size company that frequently exchanged documents with clients (invoices, reports, onboarding files). Their challenges included:
Lost email attachments
Expired Google Drive links
Manual follow-ups and version mismatches
By moving to a serverless, link-based model:
Teams could upload and share files with one click
Clients could download files securely via expiring links
No login was required for external users
File activity was tracked and audited automatically
This significantly improved turnaround times and reduced support tickets.
Lessons Learned
Built secure upload/download workflows using S3 and Lambda
Learned how to use pre-signed URLs for precise access control
Practiced CDK for S3 lifecycle rules, IAM permissions, and Lambda packaging
Improved understanding of data structure for business-use file organization
Delivered a real-world solution that balanced user experience with security and compliance
Conclusion
This project proves that file sharing doesn’t have to be complicated or risky. By using AWS services like S3, Lambda, and API Gateway, I created a platform that’s both simple and secure — built for real business use, and infinitely scalable.
🛠️ Tech Stack:
Amazon S3
AWS Lambda
Amazon API Gateway
Amazon CloudFront
Amazon CloudWatch
AWS CDK
IAM Roles & Policies