Understanding S3 presigned URL
What are S3 presigned URLs?
S3 presigned URLs are pre-authenticated URLs granting user access to the objects stored in S3.
Users will inherit the permissions of the person who is generating the presigned URL
Why is it needed?
Temporarily allow user to upload/download objects from S3. eg: premium videos that should be accessible for a stipulated time
Understanding S3 presigned URLs from AWS console
I just uploaded an image onto my S3 bucket and this is not public by default:
Let’s try opening the object via the object URL-
We are getting an access denied error. This is because the object is not public.
Now, let’s try to open it via Object actions.
We are able to open it because this URL is signed with our credentials:
How to generate one?
Prerequisites-
- AWS CLI is installed and configured with your account credentials
- We have an S3 bucket which is not public
The following command is to configure the signature version:
# set the proper signature version in order not to get issues when generating URLs for encrypted files
aws configure set default.s3.signature_version s3v4
This command generates a presigned URL, which we can use to distribute the selective content
# add a custom expiration time
aws s3 presign s3://mybucket/myobject — expires-in 300 — region my-region