AWS S3 display file inline instead of force download
Master System Design with Codemia
Enhance your system design skills with over 120 practice problems, detailed solutions, and hands-on exercises.
Amazon S3 (Simple Storage Service) is a highly popular cloud storage service offering from AWS (Amazon Web Services). It allows users to store and retrieve any amount of data from anywhere on the web. While S3 is typically used for storing files, a common requirement often arises: serving these files directly inline to a web application rather than forcing a download. This can be crucial for enhancing user experience in web environments, particularly for content such as images, PDFs, or text files.
This article explores the techniques to display files stored in S3 inline instead of imposing a download and delves into the technical details required to achieve it.
Understanding Content-Disposition
The key to controlling how content is handled by the browser is through the Content-Disposition header. This HTTP header provides the browser guidance on how to display the content. It can be set to inline, which suggests that the browser should display the content inline within the web page if possible, or attachment, which instructs the browser to download the content as a file attachment.
Common Use Cases for Inline Display
- Media Streaming: Inline audio or video streams to users directly from S3 without initiating a download.
- Document Viewing: Display PDFs inline using web viewers or browser plugins.
- Image Display: Serve images directly in webpages for better UX.
Setting S3 Object Metadata
When uploading objects to S3, you can specify the Content-Disposition metadata. Here's how you can set it using AWS SDK for Python (Boto3) or AWS CLI:
Using Boto3
Using AWS CLI
Configuring S3 Bucket Policy for Public Access
If your S3 bucket objects need to be accessed publicly (like images or public documents), ensure that the bucket has a policy allowing public access while ensuring compliance with your security requirements.
Example Bucket Policy
Setting CORS Configuration
To enable browsers from different domains to fetch your resources, you need to set the appropriate Cross-Origin Resource Sharing (CORS) configuration for your S3 bucket.
Example CORS Configuration
Example: Direct PDF Display in a Web Page
Consider a scenario where you want to show a PDF document inline in a web page. Once the Content-Disposition is set to inline in S3, you can embed it using an HTML <iframe>:
Security Considerations
When serving files inline, especially to a public audience, one must consider:
- Bucket Permissions: Turning on strict access controls for sensitive content.
- HTTPS: Always leveraging HTTPS to avoid man-in-the-middle attacks.
- CORS: Ensuring CORS configurations correctly protect resources from unauthorized domains.
Summary Table
| Aspect | Description |
| Content-Disposition | Controls whether a file is displayed inline or downloaded |
| Use Cases | Media streaming, document viewing, image display |
| S3 Metadata Configuration | Use Boto3 or AWS CLI to set Content-Disposition |
| Public Access Policy | Change S3 bucket policy for public access when necessary |
| CORS | Configures browser permissions for cross-origin requests |
| Security | Secure bucket, use HTTPS, configure CORS correctly |
In conclusion, displaying files inline from S3 enhances user experience by seamlessly integrating content into web applications. By meticulously configuring metadata and access policies, developers can effectively manage how files are presented end-to-end.

