Python

aws | Generate a signed url for S3 object with expiry

Hello All,

Welcome back. This article will help you to get a signed url from aws for an object in your aws bucket. I was finding a way to allow the users to dowload a pdf stored in my aws bucket and I landed up writing this node script that will generate an aws signed url .

aws doc is at Generate a presigned URL in modular AWS SDK for JavaScript | AWS Developer Tools Blog (amazon.com)

My example is in Node.js

Packages needed

npm install aws-sdk

Package usage

const AWS = require('aws-sdk')

example code


        const s3 = new AWS.S3()
        
        const expirationSeconds = 3600 // The URL will be valid for 1 hour (3600 seconds)
        const params = {
            Bucket: "mybucket",
            Key: `test.pdf`,
            Expires: expirationSeconds,
        }

        s3.getSignedUrl('getObject', params, (err, url) => {
            if (err) {
                return res.status(500).send('Error while generating signed url from aws')
            } else {
                res.status(200).json({ url: url })
            }
        })

output

{
    "url": "<the url will be here>"
}

Hope this is very simple. Do try and let me know .

Benifits of AWS presigned urls

AWS (Amazon Web Services) presigned URLs offer several benefits in various scenarios. A presigned URL is a unique URL that grants temporary access to specific AWS resources, such as objects in an S3 bucket, without requiring the user to have their own AWS credentials. Here are some of the key benefits:

  1. Time-limited access: Presigned URLs are valid for a limited time, which you can define. This feature enhances security by reducing the window of exposure for access to sensitive data. Once the specified time expires, the URL becomes invalid, preventing any further access.
  2. Fine-grained access control: With presigned URLs, you can grant granular access permissions to individual users or entities for specific resources. This allows you to control who can access the resource and for how long, enhancing security and access management.
  3. Temporary sharing of private resources: Presigned URLs enable you to share private AWS resources (e.g., private objects in an S3 bucket) without the need to change the resource’s permissions permanently. This can be useful when you want to share content for a limited time with a third party or during temporary collaboration scenarios.
  4. Reducing server load: By using presigned URLs, you offload the responsibility of serving private content to AWS, reducing the load on your server infrastructure. This can be especially beneficial for websites with high traffic or heavy file-sharing requirements.
  5. Client-side control: The generation of presigned URLs typically occurs on the client-side (e.g., within your web application or mobile app). This enables you to determine when and how the access to resources is granted, giving you more control over the user experience.
  6. Easy implementation: Implementing presigned URLs is relatively straightforward, especially with AWS SDKs or third-party libraries. It doesn’t require complex authentication mechanisms, making it accessible to developers with varying levels of experience.
  7. Supports various AWS services: Presigned URLs can be used with various AWS services, including Amazon S3, Amazon CloudFront, Amazon API Gateway, and more. This flexibility allows you to apply the concept to different use cases, such as file downloads, media streaming, and secure API access.
  8. Security: Since presigned URLs are time-limited and don’t require the sharing of long-term credentials, they provide an additional layer of security. Even if a presigned URL is compromised, it becomes useless after its expiration time.
  9. Auditing and tracking: Presigned URLs can be logged and tracked, allowing you to monitor who accessed a resource and when. This can be valuable for compliance, security analysis, or debugging purposes.

Overall, presigned URLs in AWS offer a convenient and secure way to grant temporary access to private resources, reducing complexity in managing access permissions and enhancing the overall security posture of your applications.

Happy programming guys 🙂

Read the same article on my medium blog:

https://medium.com/@vipinc.007/aws-generate-a-signed-url-for-s3-object-with-expiry-3b953abae3bf

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

We use cookies to improve your experience on our website