As per my findings industry practice often favors using pre-signed URLs. Some pointers:

Scalability: Offloading the upload process to the client reduces server load. Security: Pre-signed URLs can be configured with specific permissions and expiration times, minimizing misuse risks. Flexibility: Supports large file uploads and can handle various file types and sizes.

To mitigate security concerns with pre-signed URLs, we can ensure:

• Short expiration times for the URLs, clients check also have expired time saved.
• Strict permissions (only allowing PUT operations)
• Validation of the uploaded file after it reaches S3.