How To Create AWS S3 Presigned URLs

Hello Everyone

Welcome to CloudAffaire and this is Debjeet.

In today’s blog post, we will discuss how to provide access to anyone to an object hosted in your S3 bucket using presigned URLs. AWS S3 pre-signed URLs feature lets you grant access to anyone for a limited period of time to upload or download a file from your S3 bucket. If you want to share a file with some anonymous user in a secure way (without making it public) then S3 bucket presigned URLs is the feature that you are looking for.

You can use presigned URLs to generate a URL that can be used to access your S3 buckets. When you create a presigned URL, you associate it with a specific action. You can share the URL, and anyone with access to it can perform the action embedded in the URL as if they were the original signing user. The URL will expire and no longer work when it reaches its expiration time. The capabilities of the URL are limited by the permissions of the user who created the presigned URL. In essence, presigned URLs are a bearer token that grants access to customers who possess them.

When you create a presigned URL for your object, you must provide your security credentials, specify a bucket name, an object key, specify the HTTP method (GET to download the object, PUT for uploading objects) and expiration date and time. The presigned URLs are valid only for the specified duration. Anyone who receives the presigned URL can then access the object. For example, if you have a video in your bucket and both the bucket and the object are private, you can share the video with others by generating a presigned URL.

How To Create AWS S3 Presigned URLs:

Prerequisites:

AWS CLI installed and configured with proper access.

https://cloudaffaire.com/how-to-install-aws-cli/

https://cloudaffaire.com/how-to-configure-aws-cli/

Step 1: Create a S3 bucket

## Create a new S3 bucket
aws s3api create-bucket \
--bucket cloudaffaire-presigned-demo \
--region ap-south-1 \
--create-bucket-configuration LocationConstraint=ap-south-1

## Create a new S3 bucket

aws s3api create-bucket \

--bucket cloudaffaire-presigned-demo \

--region ap-south-1 \

--create-bucket-configuration LocationConstraint=ap-south-1

Step 2: Upload an image to your S3 bucket

## Upload an object to the S3 bucket
aws s3api put-object \
--bucket cloudaffaire-presigned-demo \
--key myimage.jpg \
--body myimage.jpg

## Upload an object to the S3 bucket

aws s3api put-object \

--bucket cloudaffaire-presigned-demo \

--key myimage.jpg \

--body myimage.jpg

If you try to access the image as anonymous, you will get an access denied error.

Step 3: Create a presigned URLs for the image

## Create a presigned url for object myimage.jpg
aws s3 presign s3://cloudaffaire-presigned-demo/myimage.jpg \
--expires-in 3600 \
--region ap-south-1

## Create a presigned url for object myimage.jpg

aws s3 presign s3://cloudaffaire-presigned-demo/myimage.jpg \

--expires-in 3600 \

--region ap-south-1

Now if you try to access the image as anonymous, you can view the image.

Step 4: Finally you can remove the bucket along with object

aws s3 rb s3://cloudaffaire-presigned-demo –force

1	aws s3 rb s3://cloudaffaire-presigned-demo –force

Hope you have enjoyed this article. See you in next blog post.