Certified Security - Specialty

Sign Up Free or Log In to participate!

AWS CLI S3 presigned URLs


To clarify what the aws s3 presign ... command can do for you, was not that clear in the lecture. So I researched a bit to get the following information:

The aws s3 presign ... CLI command can create a URL for the s3:GetObject action, so only GetObject is possible with the CLI. See the SourceCode snippet appended:

class PresignCommand(S3Command):  
NAME = 'presign'  
"Generate a pre-signed URL for an Amazon S3 object. This allows "  
"anyone who receives the pre-signed URL to retrieve the S3 object "  
"with an HTTP GET request. For sigv4 requests the region needs to be "  
"configured explicitly."  
USAGE = ""  
ARG_TABLE = [{'name': 'path',  
'positional_arg': True, 'synopsis': USAGE},  
{'name': 'expires-in', 'default': 3600,  
'cli_type_name': 'integer',  
'help_text': (  
'Number of seconds until the pre-signed '  
'URL expires. Default is 3600 seconds.')}]  
def _run_main(self, parsed_args, parsed_globals):  
super(PresignCommand, self)._run_main(parsed_args, parsed_globals)  
path = parsed_args.path  
if path.startswith('s3://'):  
path = path[5:]  
bucket, key = find_bucket_key(path)  
url = self.client.generate_presigned_url(  
{'Bucket': bucket, 'Key': key},  
return 0

Also you can specify a –expires-in option, keep in mind that the presigned URL is created using the provided credentials, if they are from an AWS EC2 Instance Profile as in the lecture you can only get a duration capped at the expiration time of the token. For reference look at the following Dokumentation: https://aws.amazon.com/premiumsupport/knowledge-center/presigned-url-s3-bucket-expiration/

0 Answers

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?