Leave EVERYTHING up to the browser and S3.
This demo uses only client-side code to authenticate and upload files to S3. We have not written any server-side code at all. In fact, the entire example is hosted in an S3 bucket. Try it out by choosing one of the identity providers to the right.
Note: If you simply want to avoid the signature HTTP requests for each file/chunk, and need to support legacy browsers, you can do that too, but some server-side code will be required to utilize the AWS temporary credentials calls. See the client-side signing feature page in the documentation for more details.