To use AWS S3 with V0, generate your file upload UI in V0, then create a Next.js API route that uses AWS SDK v3 to generate pre-signed URLs for direct browser-to-S3 uploads. This bypasses Vercel's 4.5MB request body limit by having the browser upload files straight to S3 without routing through your server. Store AWS credentials in Vercel environment variables.
Adding File Upload and Storage to Your V0 App with AWS S3
File upload is one of the most common features founders need to add to their V0 apps — profile photos, document attachments, user-generated content, and product images all require somewhere to store files. AWS S3 is the industry standard: infinitely scalable, pay-per-use, globally available, and integrated with a massive ecosystem of processing tools.
The critical technical challenge with file uploads on Vercel is the 4.5MB request body limit. Serverless functions on Vercel cannot receive files larger than 4.5MB, which rules out many real-world use cases like photo uploads or PDF attachments. The solution is pre-signed URLs: instead of uploading through your server, your API route generates a temporary, one-time S3 URL that allows the browser to upload directly to S3. The file never touches Vercel's servers — it goes straight from the user's browser to your S3 bucket.
For file reads and downloads, you have two options: make files publicly accessible (simple but exposes all URLs) or generate pre-signed GET URLs with expiration times (secure but requires a server round-trip). For most apps with user data, pre-signed GET URLs are the right choice since they prevent unauthorized access to files even if someone discovers the URL after it expires.
Integration method
V0 generates the file upload UI components while a Next.js API route uses AWS SDK v3 to generate pre-signed S3 URLs. The browser uploads files directly to S3 using these pre-signed URLs, bypassing Vercel's 4.5MB serverless function body limit. Download and read operations can go through an API route that generates pre-signed GET URLs.
Prerequisites
- A V0 account with a Next.js project at v0.dev
- An AWS account at aws.amazon.com with S3 access
- An S3 bucket created in your preferred AWS region with CORS configured
- An IAM user or role with s3:PutObject and s3:GetObject permissions scoped to your bucket
- AWS Access Key ID and Secret Access Key from the IAM user's security credentials
Step-by-step guide
Create an S3 Bucket and Configure CORS
Create an S3 Bucket and Configure CORS
Start by creating an S3 bucket in the AWS Console and configuring CORS (Cross-Origin Resource Sharing). CORS is required because your browser will make direct HTTP requests to S3 from your Vercel domain — S3 needs to explicitly allow this. Go to the AWS Console (console.aws.amazon.com), search for S3, and click Create bucket. Choose a name (e.g., 'my-app-uploads'), select your preferred region (pick one geographically close to your users), and leave Block Public Access enabled for now — you will control access via pre-signed URLs, not public permissions. After creating the bucket, click on it, go to the Permissions tab, scroll down to Cross-origin resource sharing (CORS), and click Edit. Paste the CORS configuration below. This allows PUT requests from your app's domain and any localhost port during development. Replace https://your-app.vercel.app with your actual Vercel deployment URL. Next, create an IAM user for programmatic access. Go to IAM in the AWS Console, click Users → Create user. Give it a name like 'v0-app-s3-user'. On the permissions step, select Attach policies directly and create an inline policy that allows only s3:PutObject and s3:GetObject on your specific bucket (arn:aws:s3:::your-bucket-name/*). Scoping permissions to only your bucket and only the actions you need limits damage if credentials are ever compromised. Finally, under Security credentials, create an Access Key — choose Application running outside AWS as the use case and download the CSV with your Access Key ID and Secret.
1[2 {3 "AllowedHeaders": ["*"],4 "AllowedMethods": ["PUT", "GET"],5 "AllowedOrigins": [6 "http://localhost:3000",7 "https://your-app.vercel.app"8 ],9 "ExposeHeaders": ["ETag"],10 "MaxAgeSeconds": 300011 }12]Pro tip: Use a separate S3 bucket per environment (development, staging, production) to prevent test uploads from cluttering your production storage.
Expected result: Your S3 bucket exists with CORS configured, and you have an IAM user Access Key ID and Secret Access Key with minimal S3 permissions.
Generate Your File Upload UI with V0
Generate Your File Upload UI with V0
Use V0 to generate the file upload interface for your app. V0 can create polished drag-and-drop zones, file preview grids, progress indicators, and file list components using Tailwind CSS and shadcn/ui components. When prompting V0, describe the exact upload flow: the user selects or drops a file, your component makes a GET request to /api/upload/signed-url with the filename and file type, receives a pre-signed URL and the final S3 object key, then makes a PUT request directly to the pre-signed URL with the file as the request body. Tell V0 to track upload progress using the XMLHttpRequest upload progress event or a fetch wrapper. Important: the standard fetch API does not support upload progress events. To show a progress bar during upload, use XMLHttpRequest with its upload.onprogress event, or a library like axios that wraps XHR. Ask V0 to implement this correctly if a progress indicator is important for your UX. Also ask V0 to handle file type and size validation client-side before requesting the pre-signed URL. This prevents wasted API calls for rejected files and gives instant feedback to users.
Create a file upload component with a drag-and-drop zone and a file input button. Accept images and PDFs up to 50MB. When a file is selected, show a preview (image thumbnail or PDF icon) and a progress bar. The upload flow should: 1) GET /api/upload/signed-url?filename=NAME&type=MIME_TYPE, 2) PUT the file directly to the returned signedUrl using XMLHttpRequest with progress tracking, 3) on completion show a success state with the file name. Include an error state for failed uploads.
Paste this in V0 chat
Pro tip: For image uploads, consider generating a client-side preview with URL.createObjectURL(file) before the upload completes — this gives users immediate visual feedback.
Expected result: V0 generates a functional file upload UI component with drag-and-drop, progress tracking, and file preview that calls your planned API endpoints.
Install AWS SDK v3 and Create the Signed URL API Route
Install AWS SDK v3 and Create the Signed URL API Route
AWS SDK v3 uses a modular package architecture — you only install the S3 client package rather than the entire SDK. Install @aws-sdk/client-s3 and @aws-sdk/s3-request-presigner as dependencies in your Next.js project. Create the API route at app/api/upload/signed-url/route.ts. This route accepts a GET request with filename and type (MIME type) query parameters. It uses the S3 client to generate a pre-signed PUT URL that allows the browser to upload directly to your bucket — the pre-signed URL is cryptographically signed with your AWS credentials and encodes the allowed operation, bucket, key, content type, and expiration time. The key name (S3 object key) should be unique for each upload. Use a combination of a UUID (or timestamp) and the original filename to prevent collisions and overwriting: for example, uploads/1234567890-profile.jpg. Return both the signedUrl (for the PUT request) and the key (to save in your database as a reference to the uploaded file). Set the expiresIn to a short window — 3600 seconds (1 hour) is generous; even 300 seconds (5 minutes) is enough for a user to complete an upload. The pre-signed URL becomes invalid after expiration, so attackers cannot use an intercepted URL to upload malicious files later. Also create a companion route at app/api/upload/download-url/route.ts for generating pre-signed GET URLs when users need to download or view their files. This route accepts a key parameter and returns a time-limited URL that can be used in img src attributes or download links.
Create a Next.js API route at app/api/upload/signed-url/route.ts that accepts GET requests with filename and type query parameters. Use @aws-sdk/client-s3 S3Client with AWS_REGION, AWS_ACCESS_KEY_ID, and AWS_SECRET_ACCESS_KEY from environment variables. Generate a pre-signed PUT URL using @aws-sdk/s3-request-presigner getSignedUrl() with PutObjectCommand for bucket AWS_S3_BUCKET_NAME, key 'uploads/TIMESTAMP-filename', expiring in 300 seconds. Return both signedUrl and key.
Paste this in V0 chat
1// app/api/upload/signed-url/route.ts2import { NextRequest, NextResponse } from 'next/server';3import { S3Client, PutObjectCommand } from '@aws-sdk/client-s3';4import { getSignedUrl } from '@aws-sdk/s3-request-presigner';56const s3 = new S3Client({7 region: process.env.AWS_REGION!,8 credentials: {9 accessKeyId: process.env.AWS_ACCESS_KEY_ID!,10 secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY!,11 },12});1314export async function GET(request: NextRequest) {15 const { searchParams } = new URL(request.url);16 const filename = searchParams.get('filename');17 const type = searchParams.get('type');1819 if (!filename || !type) {20 return NextResponse.json(21 { error: 'filename and type are required' },22 { status: 400 }23 );24 }2526 const key = `uploads/${Date.now()}-${filename.replace(/[^a-zA-Z0-9._-]/g, '_')}`;2728 const command = new PutObjectCommand({29 Bucket: process.env.AWS_S3_BUCKET_NAME!,30 Key: key,31 ContentType: type,32 });3334 const signedUrl = await getSignedUrl(s3, command, { expiresIn: 300 });3536 return NextResponse.json({ signedUrl, key });37}Pro tip: Add file type validation in the API route — check that the type parameter matches an allowed MIME type list before generating the URL. This prevents users from uploading unexpected file formats.
Expected result: GET /api/upload/signed-url?filename=photo.jpg&type=image/jpeg returns a JSON object with signedUrl and key fields. The signedUrl is a valid S3 pre-signed URL that expires in 5 minutes.
Add Environment Variables in Vercel
Add Environment Variables in Vercel
Your AWS S3 API route depends on four environment variables. Add them in Vercel Dashboard → Settings → Environment Variables with scope set to Production, Preview, and Development. AWS_ACCESS_KEY_ID: the Access Key ID from the IAM user you created. This is not technically a secret in the same way as the secret key — it is often visible in request headers — but keeping it as an environment variable is good practice. AWS_SECRET_ACCESS_KEY: the Secret Access Key. This IS a true secret — it proves you are authorized to generate signed URLs for your bucket. Never prefix with NEXT_PUBLIC_ and never commit to Git. AWS_REGION: the AWS region where your S3 bucket is located, e.g., us-east-1 or eu-west-1. This must exactly match the region you selected when creating the bucket. AWS_S3_BUCKET_NAME: the name of your S3 bucket. This is not secret but making it configurable allows you to use different buckets per environment. For local development, add these same variables to a .env.local file in your project root. V0-generated Next.js projects include .env.local in .gitignore by default, so your credentials will not be committed. After saving the variables, trigger a redeployment by pushing a commit to GitHub. Test the upload flow end-to-end by uploading a small test file through your app's UI — confirm the file appears in your S3 bucket in the AWS Console.
Pro tip: For cost monitoring, set up an AWS S3 billing alert in the AWS Console so you are notified if monthly storage or transfer costs exceed a threshold.
Expected result: Vercel shows all four AWS environment variables saved. Uploading a file through the UI succeeds and the file appears in the S3 bucket.
Common use cases
User Profile Photo Upload
A SaaS app lets users upload a profile photo. V0 generates the settings page with an avatar component and file input. The upload flow gets a pre-signed URL from the API route, uploads directly to S3, then saves the S3 object key to the database for later retrieval.
Create a user settings page with a circular avatar display showing the current profile photo or a default placeholder. Include a 'Change Photo' button that opens a file input accepting only images (jpg, png, gif). Show an upload progress bar while the file is being uploaded. After success, update the avatar display with the new image URL from /api/upload/profile-photo.
Copy this prompt to try it in V0
Document and File Attachment System
A project management tool lets users attach files to tasks. V0 generates a file attachment component within the task detail view. Files up to 100MB upload directly to S3, with the object key and filename stored in the database alongside the task.
Build a file attachment component for a task card. Show a drag-and-drop zone with file size limit text (100MB max). List attached files with name, size, and a download icon. Clicking download calls /api/files/download?key=OBJECT_KEY to get a signed download URL. The upload input should call /api/upload/signed-url then PUT the file directly to the returned URL.
Copy this prompt to try it in V0
Product Image Gallery Upload
An e-commerce admin portal lets merchants upload multiple product images. V0 generates a multi-file upload interface with drag-and-drop and a preview grid. Each image uploads to S3 in parallel using pre-signed URLs, and the object keys are saved to the product record.
Create a product image uploader with a drag-and-drop area that accepts multiple image files. Show a preview grid of selected images with a remove button on each. When the user clicks Upload, request a signed URL from /api/upload/signed-url for each image, upload them to S3 in parallel, and show individual progress bars. Display success checkmarks when each completes.
Copy this prompt to try it in V0
Troubleshooting
CORS error when the browser attempts to PUT a file to the pre-signed S3 URL
Cause: The S3 bucket CORS configuration does not include your app's origin URL, or the PUT method is not in the AllowedMethods array.
Solution: Open S3 bucket → Permissions → CORS configuration and add your Vercel deployment URL to AllowedOrigins. Ensure PUT is in AllowedMethods. Changes take effect immediately.
403 Forbidden when uploading to the pre-signed URL
Cause: The pre-signed URL has expired (past the expiresIn window), or the request Content-Type header does not match what was specified when generating the URL.
Solution: Ensure the browser sends the Content-Type header on the PUT request and that it matches the type parameter used to generate the URL. For expired URLs, the client must request a fresh signed URL from your API.
1// Include Content-Type header in the PUT request2await fetch(signedUrl, {3 method: 'PUT',4 body: file,5 headers: { 'Content-Type': file.type },6});CredentialsProviderError or missing credentials error in the API route
Cause: AWS_ACCESS_KEY_ID or AWS_SECRET_ACCESS_KEY environment variables are not set in Vercel, or the variable names do not exactly match what the SDK expects.
Solution: Open Vercel Dashboard → Settings → Environment Variables and confirm both variables exist with the correct names (no typos, no extra spaces). Redeploy after adding or correcting any variables.
Files upload successfully but images do not display — broken image links
Cause: S3 objects are private by default. Accessing the direct S3 URL without a pre-signed key returns Access Denied.
Solution: Generate pre-signed GET URLs in a /api/upload/download-url?key=KEY route using GetObjectCommand and getSignedUrl, then use those time-limited URLs in your img src attributes instead of the raw S3 URL.
1import { GetObjectCommand } from '@aws-sdk/client-s3';2// ...3const command = new GetObjectCommand({4 Bucket: process.env.AWS_S3_BUCKET_NAME!,5 Key: key,6});7const signedUrl = await getSignedUrl(s3, command, { expiresIn: 3600 });Best practices
- Always use pre-signed URLs for uploads to bypass Vercel's 4.5MB request body limit — never route file bytes through your API route
- Sanitize filenames in the API route before using them as S3 keys — replace special characters to prevent key injection issues
- Apply the principle of least privilege to your IAM user — only grant s3:PutObject and s3:GetObject permissions scoped to your specific bucket ARN
- Set short pre-signed URL expiration times (5-15 minutes) for uploads to minimize the window for URL misuse
- Store S3 object keys in your database alongside file metadata — this is your reference to retrieve, display, or delete files later
- Use S3 Lifecycle Rules to automatically delete temporary or test uploads after a set period to control storage costs
- Test file uploads from Vercel preview deployments early — CORS issues often surface only when accessing from a non-localhost domain
Alternatives
Backblaze B2 offers S3-compatible storage at roughly one-quarter the cost of AWS S3, making it a strong budget alternative for storage-heavy applications.
Microsoft OneDrive is better suited for Microsoft 365 enterprise integrations where files need to live in the Office ecosystem.
Wasabi is an S3-compatible cloud storage service with no egress fees, which can significantly reduce costs for applications with high download traffic.
Frequently asked questions
Why can't I just upload files directly through my Next.js API route without S3?
Vercel serverless functions have a hard 4.5MB request body limit. Any file upload larger than that will fail with a 413 error. Pre-signed S3 URLs solve this by routing file bytes directly from the browser to S3, completely bypassing Vercel's server infrastructure.
Do I need to make my S3 bucket public for files to be accessible?
No, and you should not make the bucket public unless you specifically need all files to be publicly accessible without any access control. Instead, generate pre-signed GET URLs with expiration times whenever you need to display or allow download of a specific file. This keeps your bucket private while enabling controlled access.
How do I display uploaded images in my V0 app?
Generate a pre-signed GET URL using the S3 object key and use it as the src attribute for an img tag or Next.js Image component. Pre-signed GET URLs work as regular image URLs for the duration of their expiration. Store the S3 key in your database and generate fresh signed URLs on demand — do not cache the signed URL long-term since it will expire.
Can I use CloudFront with S3 for faster global file delivery?
Yes. Set up a CloudFront distribution with your S3 bucket as the origin. CloudFront caches files at edge locations worldwide, dramatically improving load times for globally distributed users. For private files, use CloudFront signed URLs instead of S3 pre-signed URLs — they use the same concept but at the CDN layer.
What file size limits can I support with pre-signed URLs?
Pre-signed PUT URLs support individual files up to 5GB. For files larger than 5GB, you need S3 multipart upload, which is more complex but supported by AWS SDK v3 with the Upload class from @aws-sdk/lib-storage.
Is AWS S3 or Vercel Blob better for a V0 project?
Vercel Blob is simpler to set up within the Vercel ecosystem — it is a native Marketplace integration with auto-provisioned credentials. AWS S3 is better if you need advanced features like lifecycle rules, cross-region replication, S3 Select, Lambda triggers, or if you are storing files that other AWS services will process.
Talk to an Expert
Our team has built 600+ apps. Get personalized help with your project.
Book a free consultation