Pre-Signed URLs

With object storage, URLs are used to identify and access specific objects. To perform operations on objects within a private bucket, one must calculate and submit an authentication signature along with the request, which requires possession of an access key and secret access key. However, there are times when access to keys is not available. For these scenarios, a pre-signed URL can also be generated, which gives you access to perform operations on an object, but without the need to possess the access keys.

For example, you could generate a pre-signed URL to download an object from a private a bucket, and share that URL with another individual. This would grant the individual download access, without you having to share your access credentials with them.

Pre-signed URLs can also be utilized by users and customers to upload specific objects to private buckets.

It should also be noted that pre-signed URLs are only valid until the specified time and date. All actions, such as uploading and downloading objects, must be completed before the expiration time and date. A pre-signed URL can be used multiple times, as long as it is before the expiration time and date.

Using AWS CLI to generate a pre-signed S3 URL

If you haven't used AWS CLI before, see here for our guide on configuring and getting started using AWS CLI.

To create a pre-signed URL with AWS CLI:

aws s3 --endpoint https://s3.filebase.com presign s3://filebase-bucket-name/file.name

This command should return a pre-signed URL. By default, the expiration time is one hour. You can specify a different expiration time by adding the flag --expires-in followed by the number of minutes.

Using Python and Boto3 to generate a pre-signed S3 URL

This example for generating a pre-signed URL uses Python. You can generate pre-signed URLs for use with Java, JavaScript, Ruby, and .NET frameworks as well.

1. Edit the code below to include your Filebase access key and secret key, then save the code as a .py file.

import boto3
import requests
import json

from botocore.config import Config

s3 = boto3.client('s3')

boto_config = Config(
					region_name = 'us-east-1',
					signature_version = 's3v4')

s3 = boto3.client(
					's3',
					endpoint_url = 'https://s3.filebase.com',
					aws_access_key_id='FilebaseAccess-Key',
					aws_secret_access_key='Filebase-Secret-Key',
					config=boto_config)

bucket = input("Enter your Bucket Name: ")
key= input("Enter your desired object for this upload: ")

print (" Generating pre-signed url...")

response = s3.generate_presigned_url('put_object', Params={'Bucket':bucket,'Key':key}, ExpiresIn=3600, HttpMethod='PUT')

print (response)

if response is None:
		exit(1)

response = requests.put(response)

print('PUT status_code: ', response.status_code)
print('PUT content: ', response.content)

This example uses an expiration time of 3600 seconds.

2. In a terminal window, navigate to the directory where you saved the .py folder. Execute the python script.

3. Enter your bucket name and desired object name to upload.

4. The terminal will return a pre-signed URL as seen below. Copy this URL to your clipboard.

5. From the terminal, use the following curl command to upload any file to Filebase using the pre-signed URL:

curl --request PUT --upload-file "http://your-pre-signed-url"

6. Confirm that the file has been uploaded by checking the Filebase web console for your bucket.