Understanding the Presigned URL
Below is an example Presigned URL:
https://bucket.s3.region.amazonaws.com/Ninjafile.jpg?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=random-aws-credential-to-identify-the-signer&X-Amz-Date=timestamp-of-generation-of-url&X-Amz-Expires=validity-from-generation-timestamp&X-Amz-Signature=6zzca349-f6c2-38bd-98ce-4bs464fb45cc&X-Amz-SignedHeaders=host
Parameters
Looking carefully at the above URL, we can see the following parameters. The AWS Software Development Kit (SDK) generates these automatically.
- X-Amz-Algorithm: Specifies the encryption algorithm used for authentication in AWS requests.
- X-Amz-Credential: Contains the AWS access key and security token used to authenticate the request.
- X-Amz-Date: The date and time at which the request was made, formatted according to AWS standards.
- X-Amz-Expires: Specifies the expiration time for the request, after which it is no longer valid.
- X-Amz-Signature: The cryptographic signature generated using the request data, credentials, and specified algorithm, used for request authentication.
- X-Amz-SignedHeaders: Lists the request headers that are part of the signature, ensuring their integrity and authenticity.
When a user attempts to access S3 files using a Presigned URL, S3 validates the signature by computing it with the provided credentials, including any optional SignedHeaders parameter. It then verifies the signature's validity and checks if the link has expired before granting access to the requested resource.
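The validation described above can be modelled in a few lines. This is an added example, not code from the original page or from AWS: it recomputes the AWS4-HMAC-SHA256 signature (an HMAC-SHA256 over the canonical request) for a URL whose only signed header is host, then checks the expiry. The secret key, access key ID and sample URL are constructed values.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qsl, quote, urlsplit

def expected_signature(url, secret_key, method="GET"):
    """Recompute the query-string signature for a URL signed with SignedHeaders=host."""
    parts = urlsplit(url)
    params = [(k, v) for k, v in parse_qsl(parts.query) if k != "X-Amz-Signature"]
    q = dict(params)
    if q["X-Amz-Algorithm"] != "AWS4-HMAC-SHA256" or q["X-Amz-SignedHeaders"] != "host":
        raise ValueError("this sketch only handles AWS4-HMAC-SHA256 with SignedHeaders=host")
    # Canonical request: method, path, sorted query, signed headers, payload marker
    canonical_query = "&".join(f"{quote(k, safe='')}={quote(v, safe='')}" for k, v in sorted(params))
    canonical_request = "\n".join([method, parts.path, canonical_query,
                                   f"host:{parts.netloc}\n", "host", "UNSIGNED-PAYLOAD"])
    scope = q["X-Amz-Credential"].split("/", 1)[1]  # date/region/service/aws4_request
    string_to_sign = "\n".join(["AWS4-HMAC-SHA256", q["X-Amz-Date"], scope,
                                hashlib.sha256(canonical_request.encode()).hexdigest()])
    # Signing key: chain HMACs over each scope component, starting from "AWS4" + secret
    key = ("AWS4" + secret_key).encode()
    for part in scope.split("/"):
        key = hmac.new(key, part.encode(), hashlib.sha256).digest()
    return hmac.new(key, string_to_sign.encode(), hashlib.sha256).hexdigest()

def check_presigned_url(url, secret_key, now):
    """Model of the server-side check: signature first, then expiry."""
    q = dict(parse_qsl(urlsplit(url).query))
    if not hmac.compare_digest(expected_signature(url, secret_key), q.get("X-Amz-Signature", "")):
        return "signature mismatch"
    issued = datetime.strptime(q["X-Amz-Date"], "%Y%m%dT%H%M%SZ").replace(tzinfo=timezone.utc)
    if now > issued + timedelta(seconds=int(q["X-Amz-Expires"])):
        return "expired"
    return "ok"

# Constructed sample input: not real credentials, bucket or signature
SECRET = "constructed-secret-key-not-a-real-credential"
UNSIGNED = ("https://bucket.s3.ap-south-1.amazonaws.com/Ninjafile.jpg"
            "?X-Amz-Algorithm=AWS4-HMAC-SHA256"
            "&X-Amz-Credential=AKIAEXAMPLEKEYID0000%2F20240101%2Fap-south-1%2Fs3%2Faws4_request"
            "&X-Amz-Date=20240101T000000Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host")
SAMPLE_URL = UNSIGNED + "&X-Amz-Signature=" + expected_signature(UNSIGNED, SECRET)
ISSUED = datetime(2024, 1, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    print(check_presigned_url(SAMPLE_URL, SECRET, ISSUED + timedelta(minutes=5)))
    print(check_presigned_url(SAMPLE_URL.replace("Expires=3600", "Expires=604800"), SECRET, ISSUED))
    print(check_presigned_url(SAMPLE_URL, SECRET, ISSUED + timedelta(hours=2)))
```

Because X-Amz-Expires and the object path are both inside the signed canonical request, editing either one in the URL invalidates the signature rather than extending or redirecting the access.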
Generating Presigned URL using Python for S3 Bucket
To generate a Presigned URL, we first need to install the boto3 package in Python. It is the official AWS Software Development Kit (SDK) for Python. Type the below command to install boto3:
Command
pip install boto3
Now run the following code in a Python IDE to generate a Presigned URL:
Code
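import os
import boto3

AWS_S3_REGION = 'ap-south-1'
AWS_S3_BUCKET_NAME = "Ninja_s3_bucket"
AWS_S3_FILE_NAME = "Ninjafile.jpg"
PRESIGNED_URL_EXPIRY = 3600 # in seconds
# Read the credentials from the environment instead of hard-coding them in source
AWS_ACCESS_KEY_ID = os.environ["AWS_ACCESS_KEY_ID"]
AWS_SECRET_ACCESS_KEY = os.environ["AWS_SECRET_ACCESS_KEY"]

s3_client = boto3.client('s3', region_name=AWS_S3_REGION,
    aws_access_key_id=AWS_ACCESS_KEY_ID, aws_secret_access_key=AWS_SECRET_ACCESS_KEY)
# The URL is signed locally; anyone holding it can GET the object until it expires
presigned_url = s3_client.generate_presigned_url('get_object',
    Params={"Bucket": AWS_S3_BUCKET_NAME, "Key": AWS_S3_FILE_NAME}, ExpiresIn=PRESIGNED_URL_EXPIRY)
if presigned_url:
    print("Presigned URL: ", presigned_url)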

Explanation
Let’s see what is happening in the above code:
- The boto3 library is imported to interact with AWS services.
- Constants such as AWS_S3_REGION, AWS_S3_BUCKET_NAME, AWS_S3_FILE_NAME, and PRESIGNED_URL_EXPIRY are defined. These values represent the AWS S3 region, bucket name, file name/key, and the expiration time (in seconds) for the Presigned URL.
- An S3 client is created using boto3.client() by passing in the necessary parameters such as the service name ('s3'), AWS access key ID, AWS secret access key, and region name.
- Then the generate_presigned_url method is invoked. The method is called with the operation name ('get_object') and a dictionary containing the parameters 'Bucket' (the S3 bucket name) and 'Key' (the S3 object key/file name). The 'ExpiresIn' parameter specifies the duration for which the Presigned URL will be valid.
- If the Presigned URL is successfully generated, it is printed to the console.
GET Request using Presigned URL
Let’s see how we can make a GET request if we have a Presigned URL to get the bucket object.
Code
import requests

presigned_url = 'https://example-bucket.s3.amazonaws.com/example-object?AWSAccessKeyId=OUR_ACCESS_KEY&Signature=URL_SIGNATURE&Expires=1621962000'
response = requests.get(presigned_url)
if response.status_code == 200:
    # Successful GET request
    print("Object downloaded successfully!")
    # Access the object content
    object_content = response.content
    # Perform further operations with the object content
    # ...
else:
    # Error occurred
    print(f"Error: {response.status_code}")

Explanation
In the above code:
- presigned_url is sent as a parameter in the requests.get() function.
- To use the above function, we first have to import the requests library in Python. It can be installed using “pip install requests.”
- When the request is successful (status code 200), we can access the object's content using response.content.
Frequently Asked Questions
How long can a Presigned S3 URL last?
The duration of Presigned S3 URLs is determined by the expiration time specified during their generation and can range from a few seconds up to seven days.
How is a Presigned URL different from a standard URL?
A Presigned URL includes authentication information and allows temporary access to an S3 object, whereas a standard URL typically provides public access to a resource without authentication.
What is the size limit of a Presigned URL?
The size limit of a Presigned URL depends on the maximum length allowed by the HTTP protocol, which is typically around 2,048 characters.
What is the object key in S3?
The object key in S3 is a unique identifier that represents the name or path of an object within a bucket, allowing us to retrieve or manipulate the specific object.
What is the S3 bucket endpoint?
The S3 bucket endpoint is a unique URL provided by AWS that is the entry point to access the objects within an S3 bucket. The endpoint varies depending on the AWS region and follows a specific format, such as "s3.amazonaws.com" or "s3-<region>.amazonaws.com".
Conclusion
S3 Presigned URLs offer a secure and flexible way to grant temporary access to objects stored in Amazon S3. With fine-grained control over permissions and expiration times, Presigned URLs provide a powerful mechanism for sharing private files, enabling uploads, and integrating with third-party services. By leveraging this feature, businesses can enhance data security, simplify infrastructure, and improve user experiences when working with S3 objects.