Generating Presigned URLs for Sharing S3 Objects: A Lab Guide

By default, all Amazon S3 objects are private and object owner can access them. No one can access other then owner , however Pre-signed URL for an Amazon S3 object allows anyone who receives the S3 presigned URL to retrieve the S3 object with an HTTP GET request. All presigned URL’s now can use sigv4 so the region needs to be configured explicitly.

Method 1- Sharing Object using AWS console.

A Test file Uploaded in S3 bucket.

Try to access object with S3 URL. we can see it is not accessible.

Select the object and drop down ActionsTab and select Share with presigned URL

object>>Actions>> Share with a presigned URL

Only 12 hrs lifetime can be selected only and hit create presigend URL

Copy URL and share with user

S3 Presigned URL is vailable for 120 Min only

https://onlymybucket01.s3.us-east-1.amazonaws.com/S3test.txt?response-content-disposition=inline&X-Amz-Security-Token=IQoJb3JpZ2luX2VjEBYaDmFwLXNvdXRoZWFzdC0yIkcwRQIgSpX7lnu3s%2BDbUvMcEpL4ppv7tyoM0FQ0kscRBRHXuaUCIQD8lgWfEQluqbweMUp9OyxZV83O7lCDeJzVLpZeorti%2FyrtAgjP%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F8BEAAaDDgyMzM1NzQwMzUxMiIM4pdbgUUzepjRp1U8KsECsUAC%2BnvbYYDQ9sFCyFHbCT8GsTtC6KMsr8HR4c3sm%2Bl%2B2bfP8qsK2Qbk4ZwlqSoPj0HuWPI3n%2BsSXln4ng2DunArXGCWs4ErOxpr%2BTM2ee%2BLhvsGQaRiC1Uw0lHVippYMui1SySYgkmlKk6XGuqO1TperWwm7%2B1%2B269pXvBaLIs%2BAHvELD07%2FWyzcsouc136vVuOMusAg%2F6XhKpWH0%2FSjx3V%2FWdsLpLtWE0k%2BjKf%2BL02v86nWKZYTZB5yDKSVRAbPidwAYZokBfNxTze6mnABZyv1owOnK9wGythGfByC9nMwKU2uvoj4anUjy%2BKzHdP9h5siH%2FX9H2FPpUqOYVH5WJBrIumnwkaLp8xufEE0bw%2F0QrcWPjd13eDxqOovGHT58uoX3bz49bzXBB5yXAtPrrYmahJ6D5G8jV78JPouLoNMOuAjKcGOrMCP2qmywmPQbLIsgUu6bYmLiy%2FP9Wd4Ug39zg7oww7K6JHGGO8M9%2FS0lA75Nhy%2BNdStzAEZMKAZ%2BA50WoKITGNysc%2F6qPZR6VtzHcgrzSCXBG52VT7iwCdqbmb10zl4Ple75dB7r6P9eba770OAM3txIAOF9K5wGum7hXgnPYjy76Jjo0WcejLdNRHCs6byu%2FPa5jmBl%2F7S%2BjfdLUS5mHLI4HO12r5OyAehoFmXyRsyv%2FCVDlEkRmwe%2FuAIPpRCyB1V2Di7V6AX6%2FNC%2BXOeDSbXOIMLYHO2EuM6UGKcECHm3KtwtuTEOBlH40h8VmEJS18srfcJlvNjxFc808OOWsis6uC%2Bc83tmZu6QJyPPOBUgeWi0us1RV9q1u%2Bizftw94N817okqALyTfjtYyqPv5f4V3%2BQg%3D%3D&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20230821T062159Z&X-Amz-SignedHeaders=host&X-Amz-Expires=7200&X-Amz-Credential=ASIA37M7M6F4A3H4FEW4%2F20230821%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=07070c2f4658cbd11fb9a7b76cf100322c8834482b574064b843d019a26f4e8c

Now if we access s3 object it is now accessible

Method 2- Sharing Object using AWS CLI.

Please refer below link for CLI Installation and Usage.

Get started with the AWS CLI – AWS Command Line Interface (amazon.com)

Check If AWS is installed else refer the link for installation.

Upload one test file(S3test2.txt) for CLI example

Now try to access it , it is acess denied

Example 1: Pre-signed URL with the default one hour lifetime for an object in an S3 bucket

The following presign command generates a pre-signed URL for a specified bucket and key that is valid for one hour.

aws s3 presign s3://BUCKET-NAME/test2.txt

It is now accessble for everyone who has this link for 1 hr

Example 2: Pre-signed URL with a custom lifetime for an object in an S3 bucket

The following presign command generates a pre-signed URL for a specified bucket and key that is valid for one week.

aws s3 presign s3://BUCKET-NAME/test2.txt  --expires-in 604800(min)