Creating a secure URL with an expiration date from S3
Here’s a cool trick you can do with S3: you can generate a URL with an “expires” timestamp that will only be good until that timestamp.
Although there are a number of potential uses for this, I generally do it instead of emailing attachments; many companies still impose ridiculously low limits on their employee email accounts (I’ve seen as little as 100MB total in 2015), which can quickly be sucked up by large email attachments.
Right now there’s no way to generate pre-signed URLs from the CLI, but it’s really easy to do in a Python script.
#!/usr/bin/env python
# Create a time-bombed URL from an S3 object
# Parameters: s3_url [timeout]
# timeout defaults to 1 minute if not specified
# requires the boto module
import sys,retry:
testArg=re.match('s3:\/\/',sys.argv[1])
except:
print ("usage: " + sys.argv[0] + " s3_object ttl_in_sec")
sys.exit(1)
if not testArg:
print "need a valid s3 object as arg"
sys.exit(1)try:
sys.argv[2]
expTime=int(sys.argv[2])
except:
expTime=60(bucket,key)=re.split('/',re.sub('^s3:\/\/','',sys.argv[1]),maxsplit=1)testKey=re.match('\w',key)
if not testKey:
print ("something wrong with this url - I have a key of: " + key + " - bailing")
sys.exit(1)from boto.s3.connection import S3Connection
s3=S3Connection()
url = s3.generate_url(expTime, 'GET', bucket=bucket, key=key)
print (url)
Note that this requires you to have your credentials already set up via a method supported by boto (of which there are many).
Running this script will generate a URL like this:
Nate’s laptop: tmp naton$ create_temporary_url s3://runascloud-tmp/medium/testFile.txt 94608000https://runascloud-tmp.s3.amazonaws.com/medium/testFile.txt?Signature=6eAuqcwJtpy4RLbIB7LsvTDt7g4%3D&Expires=1569188257&AWSAccessKeyId=AKIAIHPTZ74AMD3GGAMQNate’s laptop: tmp naton$
The resulting link can then be pasted into an email, or reduced further via a URL shortener.
If you liked this tip and would like to know more, check out our site at http://www.runascloud.com/
If you or your company is in need of any AWS help, shoot us an email and let’s talk!
