New serverless pattern - lambda-s3-files-cdk by NithinChandranR-AWS · Pull Request #3075 · aws-samples/serverless-patterns

NithinChandranR-AWS · 2026-04-23T17:59:03Z

New Serverless Pattern: Lambda with Amazon S3 Files Mount

Description

Deploys a Lambda function with an Amazon S3 Files file system mounted at /mnt/s3data, enabling standard file operations (read, write, list) on S3 data without downloading objects. Uses Amazon S3 Files (GA April 2026).

Architecture

┌──────────┐     ┌──────────────────────────┐
│ S3 Bucket│◄───►│  S3 Files FileSystem     │
└──────────┘     └────────────┬─────────────┘
                              │ NFS (port 2049)
                 ┌────────────┴─────────────┐
                 │           VPC            │
                 │  Mount Target (AZ-1)     │
                 │  Mount Target (AZ-2)     │
                 │       ▲                  │
                 │  Lambda /mnt/s3data      │
                 └──────────────────────────┘

Key Features

S3 Files FileSystem + MountTargets + AccessPoint (L1 constructs — no L2 yet)
VPC with 2 AZs, security group for NFS traffic (port 2049)
Lambda reads/writes/lists files via standard Node.js fs module
Bidirectional sync between S3 bucket and mounted filesystem
Sub-millisecond latency on actively used data
POSIX user identity (UID/GID 1000) via AccessPoint

Framework / Language

AWS CDK (TypeScript)
Lambda: Node.js 22.x

Deployment & Testing

Deployed and tested successfully on AWS
Write ✅ Read ✅ List ✅ S3 Sync ✅ (all verified)

Files

File	Purpose
`lib/lambda-s3-files-stack.ts`	CDK stack (VPC, S3 Files, Lambda)
`src/index.js`	Lambda handler (read/write/list)
`example-pattern.json`	Serverless Land metadata

Deploy a Lambda function with an Amazon S3 Files file system mounted as a local directory, enabling standard file operations on S3 data without downloading objects. Key features: - S3 Files FileSystem with NFS mount on Lambda at /mnt/s3data - VPC with 2 AZs, mount targets, and access point (L1 constructs) - Security group for NFS traffic (port 2049) - Read, write, and list operations via standard fs module - Bidirectional sync between S3 bucket and mounted filesystem - Sub-millisecond latency on actively used data

Replace wildcard resource with specific S3 Files access point ARN for least-privilege IAM.

bfreiberg · 2026-04-24T06:22:52Z

Thanks for submitting this pattern! Here's what needs to be addressed:

Path Traversal Vulnerability in File Operations — src/index.js line 11: User-controlled filename and directory inputs are not validated, allowing '../' sequences to access files outside intended paths. Add input validation to reject filenames/directories containing '..' sequences and restrict to alphanumeric characters, hyphens, and underscores.
First reference of service names must use the full name. Lambda should be AWS Lambda — README.md line 1: "Lambda" is used but "AWS Lambda" never appears in the document Change the first reference to "AWS Lambda". Short name "Lambda" is fine after that.
First reference should be AWS IAM — README.md line 11: "IAM" is used but "AWS IAM" never appears in the document Change the first reference to "AWS IAM". Short name "IAM" is fine after that.

bfreiberg · 2026-04-24T06:23:08Z

+
+## How it works
+
+[Amazon S3 Files](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-files.html) (GA April 2026) provides NFS access to S3 buckets with full POSIX semantics. This pattern mounts an S3 bucket on a Lambda function at `/mnt/s3data`.


Suggested change

[Amazon S3 Files](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-files.html) (GA April 2026) provides NFS access to S3 buckets with full POSIX semantics. This pattern mounts an S3 bucket on a Lambda function at `/mnt/s3data`.

[Amazon S3 Files](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-files.html) provides NFS access to S3 buckets with full POSIX semantics. This pattern mounts an S3 bucket on a Lambda function at `/mnt/s3data`.

Done, removed "(GA April 2026)". Fixed in f963437.

bfreiberg · 2026-04-24T06:24:23Z

+
+    // Lambda function with S3 Files mount
+    const fn = new lambda.Function(this, "S3FilesFn", {
+      runtime: lambda.Runtime.NODEJS_22_X,


Why not use the latest runtime version?

Upgraded to nodejs24.x via CDK escape hatch (L2 does not have NODEJS_24_X yet). Deployed and tested on a live stack — list, write, and read all pass. Fixed in f963437.

bfreiberg · 2026-04-24T06:24:58Z

@@ -0,0 +1,61 @@
+{
+  "title": "Lambda with Amazon S3 Files Mount",


Suggested change

"title": "Lambda with Amazon S3 Files Mount",

"title": "AWS Lambda with Amazon S3 Files Mount",

Updated to "AWS Lambda with Amazon S3 Files Mount". Fixed in f963437.

bfreiberg · 2026-04-24T06:25:19Z

+    "headline": "How it works",
+    "text": [
+      "This pattern deploys a Lambda function with an Amazon S3 Files file system mounted at /mnt/s3data. The function performs standard file operations (read, write, list) on S3 data using the local filesystem — no S3 API calls needed.",
+      "S3 Files (GA April 2026) provides NFS access to S3 buckets with sub-millisecond latency on small files and full POSIX semantics. The pattern creates a VPC, S3 Files file system, mount targets, access point, and a Lambda function wired together.",


Suggested change

"S3 Files (GA April 2026) provides NFS access to S3 buckets with sub-millisecond latency on small files and full POSIX semantics. The pattern creates a VPC, S3 Files file system, mount targets, access point, and a Lambda function wired together.",

"S3 Files provides NFS access to S3 buckets with sub-millisecond latency on small files and full POSIX semantics. The pattern creates a VPC, S3 Files file system, mount targets, access point, and a Lambda function wired together.",

Applied suggested description, removed "(GA April 2026)". Fixed in f963437.

- Remove (GA April 2026) from README and example-pattern.json - Upgrade runtime to nodejs24.x via escape hatch - Update title to 'AWS Lambda with Amazon S3 Files Mount' - Use reviewer-suggested description text

NithinChandranR-AWS · 2026-04-24T11:12:34Z

Thanks for the quick review, @bfreiberg! All 4 comments addressed and pushed. Would appreciate another look when you get a chance

julianwood assigned bfreiberg and julianwood Apr 23, 2026

fix(iam): scope s3files permissions to access point ARN

9706c34

Replace wildcard resource with specific S3 Files access point ARN for least-privilege IAM.

bfreiberg requested changes Apr 24, 2026

View reviewed changes

bfreiberg reviewed Apr 24, 2026

View reviewed changes

fix(lambda-s3-files-cdk): Address review comments

f963437

- Remove (GA April 2026) from README and example-pattern.json - Upgrade runtime to nodejs24.x via escape hatch - Update title to 'AWS Lambda with Amazon S3 Files Mount' - Use reviewer-suggested description text

NithinChandranR-AWS requested a review from bfreiberg April 24, 2026 08:01

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

New serverless pattern - lambda-s3-files-cdk#3075

New serverless pattern - lambda-s3-files-cdk#3075
NithinChandranR-AWS wants to merge 3 commits intoaws-samples:mainfrom
NithinChandranR-AWS:NithinChandranR-AWS-feature-lambda-s3-files-cdk

NithinChandranR-AWS commented Apr 23, 2026

Uh oh!

bfreiberg commented Apr 24, 2026

Uh oh!

bfreiberg Apr 24, 2026

Uh oh!

NithinChandranR-AWS Apr 24, 2026

Uh oh!

bfreiberg Apr 24, 2026

Uh oh!

NithinChandranR-AWS Apr 24, 2026

Uh oh!

bfreiberg Apr 24, 2026

Uh oh!

NithinChandranR-AWS Apr 24, 2026

Uh oh!

bfreiberg Apr 24, 2026

Uh oh!

NithinChandranR-AWS Apr 24, 2026

Uh oh!

NithinChandranR-AWS commented Apr 24, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants


		## How it works

		[Amazon S3 Files](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-files.html) (GA April 2026) provides NFS access to S3 buckets with full POSIX semantics. This pattern mounts an S3 bucket on a Lambda function at `/mnt/s3data`.

		@@ -0,0 +1,61 @@
		{
		"title": "Lambda with Amazon S3 Files Mount",

	"title": "Lambda with Amazon S3 Files Mount",
	"title": "AWS Lambda with Amazon S3 Files Mount",

	"S3 Files (GA April 2026) provides NFS access to S3 buckets with sub-millisecond latency on small files and full POSIX semantics. The pattern creates a VPC, S3 Files file system, mount targets, access point, and a Lambda function wired together.",
	"S3 Files provides NFS access to S3 buckets with sub-millisecond latency on small files and full POSIX semantics. The pattern creates a VPC, S3 Files file system, mount targets, access point, and a Lambda function wired together.",

Conversation

NithinChandranR-AWS commented Apr 23, 2026

New Serverless Pattern: Lambda with Amazon S3 Files Mount

Description

Architecture

Key Features

Framework / Language

Deployment & Testing

Files

Uh oh!

bfreiberg commented Apr 24, 2026

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

NithinChandranR-AWS commented Apr 24, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

NithinChandranR-AWS commented Apr 24, 2026 •

edited

Loading