Sharing objects with presigned URLs - Amazon Simple Storage Service

Sharing objects with presigned URLs

By default, all Amazon S3 objects are private, only the object owner has permission to access them. However, the object owner may share objects with others by creating a presigned URL. A presigned URL uses security credentials to grant time-limited permission to download objects. The URL can be entered in a browser or used by a program to download the object. The credentials used by the presigned URL are those of the AWS user who generated the URL.

For general information about presigned URLs, see Working with presigned URLs.

You can create a presigned URL for sharing an object without writing any code by using the Amazon S3 console, AWS Explorer for Visual Studio (Windows), or AWS Toolkit for Visual Studio Code. You can also generate a presigned URL programmatically by using the AWS Command Line Interface (AWS CLI) or the AWS SDKs.

You can use the Amazon S3 console to generate a presigned URL for sharing an object by following these steps. When using the console the maximum expiration time for a presigned URL is 12 hours from the time of creation.

To generate a presigned URL by using the Amazon S3 console
  1. Sign in to the AWS Management Console and open the Amazon S3 console at https://console.aws.amazon.com/s3/.

  2. In the left navigation pane, choose Buckets.

  3. In the Buckets list, choose the name of the bucket that contains the object that you want a presigned URL for.

  4. In the Objects list, select the object that you want to create a presigned URL for.

  5. On the Object actions menu, choose Share with a presigned URL.

  6. Specify how long you want the presigned URL to be valid.

  7. Choose Create presigned URL.

  8. When a confirmation appears, the URL is automatically copied to your clipboard. You will see a button to copy the presigned URL if you need to copy it again.

The following example AWS CLI command generates a presigned URL for sharing an object from an Amazon S3 bucket. When you use the AWS CLI, the maximum expiration time for a presigned URL is 7 days from the time of creation. To use this example, replace the user input placeholders with your own information.

aws s3 presign s3://DOC-EXAMPLE-BUCKET1/mydoc.txt --expires-in 604800

Note

For all AWS Regions launched after March 20, 2019 you need to specify the endpoint-url and AWS Region with the request. For a list of all the Amazon S3 Regions and endpoints, see Regions and Endpoints in the AWS General Reference.

aws s3 presign s3://DOC-EXAMPLE-BUCKET1/mydoc.txt --expires-in 604800 --region af-south-1 --endpoint-url https://s3.af-south-1.amazonaws.com

For more information, see presign in the AWS CLI Command Reference.

For examples of using the AWS SDKs to generate a presigned URL for sharing an object, see Create a presigned URL for Amazon S3 by using an AWS SDK.

When you use the AWS SDKs to generate a presigned URL, the maximum expiration time is 7 days from the time of creation.

Note

For all AWS Regions launched after March 20, 2019 you need to specify the endpoint-url and AWS Region with the request. For a list of all the Amazon S3 Regions and endpoints, see Regions and Endpoints in the AWS General Reference.

Note

When using the AWS SDKs, the Tagging attribute must be a header and not a query parameter. All other attributes can be passed as a parameter for the presigned URL.

Note

At this time, the AWS Toolkit for Visual Studio does not support Visual Studio for Mac.

  1. Install the AWS Toolkit for Visual Studio using the following instructions, Installing and setting up the Toolkit for Visual Studio in the AWS Toolkit for Visual Studio User Guide.

  2. Connect to AWS using the following steps, Connecting to AWS in the AWS Toolkit for Visual Studio User Guide.

  3. In the left side panel labeled AWS Explorer, double-click the bucket containing your object.

  4. Right-click the object you wish to have a presigned URL generated for and select Create Pre-Signed URL....

  5. In the pop-up window, set the expiration date and time for your presigned URL.

  6. The Object Key, should pre-populate based on the object you selected.

  7. Choose GET to specify that this presigned URL will be used for downloading an object.

  8. Choose the Generate button.

  9. To copy the URL to the clipboard, choose Copy.

  10. To use the generated presigned URL, paste the URL into any browser.

If you're using Visual Studio Code, you can generate a presigned URL to share an object without writing any code by using AWS Toolkit for Visual Studio Code. For general information, see AWS Toolkit for Visual Studio Code in the AWS Toolkit for Visual Studio Code User Guide.

For instructions on how to install the AWS Toolkit for Visual Studio Code, see Installing the AWS Toolkit for Visual Studio Code in the AWS Toolkit for Visual Studio Code User Guide.

  1. Connect to AWS using the following steps, Connecting to AWS Toolkit for Visual Studio Code in the AWS Toolkit for Visual Studio Code User Guide.

  2. Select the AWS logo on the left panel in Visual Studio Code.

  3. Under EXPLORER, select S3.

  4. Choose a bucket and file and open the context menu (right-click).

  5. Choose Generate presigned URL, and then set the expiration time (in minutes).

  6. Press Enter, and the presigned URL will be copied to your clipboard.