Share S3 files using pre-signed url

S3 by default keep all objects as private, only the owner has permission to access it, this is great to prevent sensitive information to accidentally be publicly available. But and when we need to share an object/file? Which is the best way to do that?

S3 provides a possibility to generate pre-signed URLs and this URL will be valid for a period of time and anyone with this URL can access the object/file.

We can create a pre-signed URL using awscli, the only thing that we need to ensure is that the user configured for the cli is able to access the object. For example, to create a pre-signed URL giving GET access to the object MyDocument.pdf our cli user must be able to get it.

The to create the pre-signed URL we need to run:

aws s3 presign s3://lernentec.com/MyDocument.pdf --expires-in 1800

This example above will create a pre-signed URL for the file MyDocument.pdf present on the S3 bucket lernentec.com and the pre-signed URL will be valid for 1800 seconds or 30 minutes, the default value is 3600 if no other is specified. Then, the command will provide an output like:

https://s3.amazonaws.com/lernentec.com/MyDocument.pdf?AWSAccessKeyId=ALSJDASKDJADLKJA&Signature=B2Nd4T9YGZss1ENdPrWgS9V5Ofg%3D&Expires=1551281976

Note that the pre-signed URL has AWSAccessKeyId information, a signature and the expiration time.

Source: https://docs.aws.amazon.com/cli/latest/reference/s3/presign.html