If you have begun to use AWS but have not yet started working with AWS CLI, or one of their SDKs, this quick post with examples is for you!
This post assumes:
- You have an AWS Account, and
- Have installed AWS CLI v2 for your system, and
- Have completed aws configure, and
- You are familiar with Python3 and pip
Recently I was studying for my Developer Associate Exam and learned of presigned urls. These are URLs that can be generated by a credentialed AWS user that allow anyone with the designated url to access a S3 bucket and even perform a few actions. Presigned URLs are handy if you have a friend that you want to share those camping photos with or if you need a way for a client to upload some content to your bucket. Users will not require authentication and have the ability to perform actions for a limited time.
Let’s say you have an image, best-time.jpg, in an S3 bucket called my-photo-bucket, and you would like to share it with your friend. You know that she’s online this afternoon and will be able to access it within the next few hours.
Open up a shell and type the following:
aws s3 presign s3://my-photo-bucket/best-time.jpg --expires-in 10800
The output will look similar to this:
https://awsexamplebucket.s3.amazonaws.com/test2.txt?AWSAccessKeyId=AKIAEXAMPLEACCESSKEY&Signature=EXHCcBe%EXAMPLEKnz3r8O0AgEXAMPLE&Expires=1555531131
This URL will allow access to the best-time.jpg object for the next 10,800 seconds, or 3 hours. You can omit the –expires-in flag - the default is 1 hour.
Next, I will show how to do the same thing programmatically with Python and using the AWS Python SDK, boto3. In this case, SDK is synonymous with library. boto3 can be installed using pip and then imported into your script or shell.
For obtaining a presigned URL, the Boto3 documentation has provided us with the function. How fantastic is that? 🍰
import logging
import boto3
from botocore.exceptions import ClientError
def create_presigned_url(bucket_name, object_name, expiration=300):
"""Generate a presigned URL to share an S3 object
:param bucket_name: string
:param object_name: string
:param expiration: Time in seconds for presigned URL to remain valid
:return: Presigned URL as string. If error, returns None.
"""
# Generate a presigned URL for the S3 object
s3_client = boto3.client('s3')
try:
response = s3_client.generate_presigned_url('get_object', Params={'Bucket': bucket_name, 'Key': object_nam e}, ExpiresIn=expiration)
except ClientError as e:
logging.error(e)
return None
# The response contains the presigned URL
return response
To call simply import into a python shell and call with your bucket name, object name, and expiration. 🎉 Alternatively, copy the function to a script and add it to your library of programming tricks! 🎪