Apps Development, AWS, Cloud Computing

4 Mins Read

A Guide to Access AWS S3 Objects Using Pre-Signed URL

Voiced by Amazon Polly

Introduction

AWS S3 (Simple Storage Service) is an Amazon Web Service (AWS) storage service. AWS S3 offers high scalability, security, data availability, and performance. We can store any data in an AWS S3 bucket. Also, we can organize the data by creating a folder(s) in a bucket. This blog will teach us the best way to access AWS S3 Objects.

 

Pioneers in Cloud Consulting & Migration Services

  • Reduced infrastructural costs
  • Accelerated application deployment
Get Started

Why is a Pre-Signed URL required?

AWS S3 is the most used storage service to store files. Most developers are publicly making the AWS S3 bucket available, but this approach is not recommended for security reasons.

AWS S3 Pre-Signed is the most recommended way to share the files of the Amazon S3 bucket. Using AWS S3 Pre-Signed URL, you can set permissions, expiration time, and operation on AWS S3 Objects (Files).
  • Permissions: AWS S3 Pre-Signed URL has the permission of the AWS IAM User or AWS Services. Pre-Signed URLs get all the access that the IAM user or AWS Services has on a specific AWS S3 bucket.
  • Expiration Time: We can define the expiration time of the AWS S3 Pre-Signed URL while creating the URL. Once the expiration time passes, the Pre-Signed URL will automatically be expired.
  • Resources: You can specify a file or bucket name while creating the Pre-Signed URL.

Steps to create a Pre-Signed URL using AWS SDK

Step 1:  Create an IAM user.

  • Search IAM services on the AWS console and select IAM service
  • Select Users options in Access Management

step1

  • Select Add Users

step1b

  • Enter your Username and select Programmatic Access as an access type. You can give any username but ensure you give programmatic access to that user.

step1c

  • On the next step, select Attach Existing policies directly and click on Create a policy

step1d

  • On the Create Policy screen. Select Amazon S3 as a service, Get Object as an action, and Amazon S3 bucket as a specific resource.

step1e

  • Keep everything else as default, give the policy name, and click on Create a policy

step1f

  • Select the policy for the IAM user you created in the previous steps. And at the end, you will receive that user’s access key, the secret key.

Note: Download that access key and secret key because this is the last time these credentials will be available to see or download.

step1g

Step 2: Generate a Pre-Signed URL using AWS-SDK

  • Install AWS SDK in your project to generate a pre-signed URL
  • Import downloaded SDK into your project
  • Add the following code snippet to get a pre-signed URL

In the following code snippet, initialize the AWS by passing the access key, secret key, and region. After that, initialize the Amazon S3 object. At last, call the getSignedUrl function of the Amazon S3 object by passing the bucket name, file name, and expiry time.

It will provide a single URL accessible for a specified period, determined by the expiry time you pass. In our case, it will be valid for 3600 seconds. You can use this pre-signed URL to access the file, whatever you passed as a key.

Conclusion

By generating a pre-signed URL, you can temporarily access a file without making it publicly available, offering a secure and controlled method for granting time-limited file access. A pre-signed URL involves appending authentication information to the URL, such as expiration time, access permissions, and other pertinent details. This enables individuals possessing the pre-signed URL to access the file within the specified timeframe without compromising its security or exposing it to the public. This approach is valuable for sharing confidential or sensitive files with specifically authorized individuals or within a restricted timeframe, ensuring that only authorized parties can access the file during the designated period.

Making IT Networks Enterprise-ready – Cloud Management Services

  • Accelerated cloud migration
  • End-to-end view of the cloud environment
Get Started

About CloudThat

CloudThat is a leading provider of Cloud Training and Consulting services with a global presence in India, the USA, Asia, Europe, and Africa. Specializing in AWS, Microsoft Azure, GCP, VMware, Databricks, and more, the company serves mid-market and enterprise clients, offering comprehensive expertise in Cloud Migration, Data Platforms, DevOps, IoT, AI/ML, and more.

CloudThat is the first Indian Company to win the prestigious Microsoft Partner 2024 Award and is recognized as a top-tier partner with AWS and Microsoft, including the prestigious ‘Think Big’ partner award from AWS and the Microsoft Superstars FY 2023 award in Asia & India. Having trained 850k+ professionals in 600+ cloud certifications and completed 500+ consulting projects globally, CloudThat is an official AWS Advanced Consulting Partner, Microsoft Gold Partner, AWS Training PartnerAWS Migration PartnerAWS Data and Analytics PartnerAWS DevOps Competency PartnerAWS GenAI Competency PartnerAmazon QuickSight Service Delivery PartnerAmazon EKS Service Delivery Partner AWS Microsoft Workload PartnersAmazon EC2 Service Delivery PartnerAmazon ECS Service Delivery PartnerAWS Glue Service Delivery PartnerAmazon Redshift Service Delivery PartnerAWS Control Tower Service Delivery PartnerAWS WAF Service Delivery PartnerAmazon CloudFront Service Delivery PartnerAmazon OpenSearch Service Delivery PartnerAWS DMS Service Delivery PartnerAWS Systems Manager Service Delivery PartnerAmazon RDS Service Delivery PartnerAWS CloudFormation Service Delivery PartnerAWS ConfigAmazon EMR and many more.

FAQs

1. Can we add files using a pre-signed URL?

ANS: – Yes, we can upload the files using a pre-signed URL, for that we need to give write access in policy (i.e., PutObject).

2. Can we use pre-signed URLs to serve content on the website?

ANS: – Yes, we can use pre-signed URLs on the website. You might need to write a function that generates a pre-signed URL for a limited period.

WRITTEN BY Mayur Patel

Share

Comments

    Click to Comment

Get The Most Out Of Us

Our support doesn't end here. We have monthly newsletters, study guides, practice questions, and more to assist you in upgrading your cloud career. Subscribe to get them all!