AWS SDK を使用して Amazon S3 の署名付き URL を作成する
次のコード例は、Amazon S3 の署名付き URL を作成し、オブジェクトをアップロードする方法を示しています。
- .NET
-
- AWS SDK for .NET
-
注記
GitHub には、その他のリソースもあります。AWSコード例リポジトリ
で全く同じ例を見つけて、設定と実行の方法を確認してください。 Amazon S3 アクションを期間限定で実行できる署名付き URL を生成します。
using System; using Amazon; using Amazon.S3; using Amazon.S3.Model; public class GenPresignedUrl { public static void Main() { const string bucketName = "amzn-s3-demo-bucket"; const string objectKey = "sample.txt"; // Specify how long the presigned URL lasts, in hours const double timeoutDuration = 12; // Specify the AWS Region of your Amazon S3 bucket. If it is // different from the Region defined for the default user, // pass the Region to the constructor for the client. For // example: new AmazonS3Client(RegionEndpoint.USEast1); // If using the Region us-east-1, and server-side encryption with AWS KMS, you must specify Signature Version 4. // Region us-east-1 defaults to Signature Version 2 unless explicitly set to Version 4 as shown below. // For more details, see https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingAWSSDK.html#specify-signature-version // and https://docs.aws.amazon.com/sdkfornet/v3/apidocs/items/Amazon/TAWSConfigsS3.html AWSConfigsS3.UseSignatureVersion4 = true; IAmazonS3 s3Client = new AmazonS3Client(RegionEndpoint.USEast1); string urlString = GeneratePresignedURL(s3Client, bucketName, objectKey, timeoutDuration); Console.WriteLine($"The generated URL is: {urlString}."); } /// <summary> /// Generate a presigned URL that can be used to access the file named /// in the objectKey parameter for the amount of time specified in the /// duration parameter. /// </summary> /// <param name="client">An initialized S3 client object used to call /// the GetPresignedUrl method.</param> /// <param name="bucketName">The name of the S3 bucket containing the /// object for which to create the presigned URL.</param> /// <param name="objectKey">The name of the object to access with the /// presigned URL.</param> /// <param name="duration">The length of time for which the presigned /// URL will be valid.</param> /// <returns>A string representing the generated presigned URL.</returns> public static string GeneratePresignedURL(IAmazonS3 client, string bucketName, string objectKey, double duration) { string urlString = string.Empty; try { var request = new GetPreSignedUrlRequest() { BucketName = bucketName, Key = objectKey, Expires = DateTime.UtcNow.AddHours(duration), }; urlString = client.GetPreSignedURL(request); } catch (AmazonS3Exception ex) { Console.WriteLine($"Error:'{ex.Message}'"); } return urlString; } }
署名済み URL を生成し、その URL を使用してアップロードを実行します。
using System; using System.IO; using System.Net.Http; using System.Threading.Tasks; using Amazon; using Amazon.S3; using Amazon.S3.Model; /// <summary> /// This example shows how to upload an object to an Amazon Simple Storage /// Service (Amazon S3) bucket using a presigned URL. The code first /// creates a presigned URL and then uses it to upload an object to an /// Amazon S3 bucket using that URL. /// </summary> public class UploadUsingPresignedURL { private static HttpClient httpClient = new HttpClient(); public static async Task Main() { string bucketName = "amzn-s3-demo-bucket"; string keyName = "samplefile.txt"; string filePath = $"source\\{keyName}"; // Specify how long the signed URL will be valid in hours. double timeoutDuration = 12; // Specify the AWS Region of your Amazon S3 bucket. If it is // different from the Region defined for the default user, // pass the Region to the constructor for the client. For // example: new AmazonS3Client(RegionEndpoint.USEast1); // If using the Region us-east-1, and server-side encryption with AWS KMS, you must specify Signature Version 4. // Region us-east-1 defaults to Signature Version 2 unless explicitly set to Version 4 as shown below. // For more details, see https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingAWSSDK.html#specify-signature-version // and https://docs.aws.amazon.com/sdkfornet/v3/apidocs/items/Amazon/TAWSConfigsS3.html AWSConfigsS3.UseSignatureVersion4 = true; IAmazonS3 client = new AmazonS3Client(RegionEndpoint.USEast1); var url = GeneratePreSignedURL(client, bucketName, keyName, timeoutDuration); var success = await UploadObject(filePath, url); if (success) { Console.WriteLine("Upload succeeded."); } else { Console.WriteLine("Upload failed."); } } /// <summary> /// Uploads an object to an Amazon S3 bucket using the presigned URL passed in /// the url parameter. /// </summary> /// <param name="filePath">The path (including file name) to the local /// file you want to upload.</param> /// <param name="url">The presigned URL that will be used to upload the /// file to the Amazon S3 bucket.</param> /// <returns>A Boolean value indicating the success or failure of the /// operation, based on the HttpWebResponse.</returns> public static async Task<bool> UploadObject(string filePath, string url) { using var streamContent = new StreamContent( new FileStream(filePath, FileMode.Open, FileAccess.Read)); var response = await httpClient.PutAsync(url, streamContent); return response.IsSuccessStatusCode; } /// <summary> /// Generates a presigned URL which will be used to upload an object to /// an Amazon S3 bucket. /// </summary> /// <param name="client">The initialized Amazon S3 client object used to call /// GetPreSignedURL.</param> /// <param name="bucketName">The name of the Amazon S3 bucket to which the /// presigned URL will point.</param> /// <param name="objectKey">The name of the file that will be uploaded.</param> /// <param name="duration">How long (in hours) the presigned URL will /// be valid.</param> /// <returns>The generated URL.</returns> public static string GeneratePreSignedURL( IAmazonS3 client, string bucketName, string objectKey, double duration) { var request = new GetPreSignedUrlRequest { BucketName = bucketName, Key = objectKey, Verb = HttpVerb.PUT, Expires = DateTime.UtcNow.AddHours(duration), }; string url = client.GetPreSignedURL(request); return url; } }
- C++
-
- SDK for C++
-
注記
GitHub には、その他のリソースもあります。用例一覧を検索し、AWS コード例リポジトリ
での設定と実行の方法を確認してください。 オブジェクトをダウンロードするための署名付き URL を生成します。
//! Routine which demonstrates creating a pre-signed URL to download an object from an //! Amazon Simple Storage Service (Amazon S3) bucket. /*! \param bucketName: Name of the bucket. \param key: Name of an object key. \param expirationSeconds: Expiration in seconds for pre-signed URL. \param clientConfig: Aws client configuration. \return Aws::String: A pre-signed URL. */ Aws::String AwsDoc::S3::generatePreSignedGetObjectUrl(const Aws::String &bucketName, const Aws::String &key, uint64_t expirationSeconds, const Aws::S3::S3ClientConfiguration &clientConfig) { Aws::S3::S3Client client(clientConfig); return client.GeneratePresignedUrl(bucketName, key, Aws::Http::HttpMethod::HTTP_GET, expirationSeconds); }
libcurl を使用してダウンロードします。
static size_t myCurlWriteBack(char *buffer, size_t size, size_t nitems, void *userdata) { Aws::StringStream *str = (Aws::StringStream *) userdata; if (nitems > 0) { str->write(buffer, size * nitems); } return size * nitems; } //! Utility routine to test getObject with a pre-signed URL. /*! \param presignedURL: A pre-signed URL to get an object from a bucket. \param resultString: A string to hold the result. \return bool: Function succeeded. */ bool AwsDoc::S3::getObjectWithPresignedObjectUrl(const Aws::String &presignedURL, Aws::String &resultString) { CURL *curl = curl_easy_init(); CURLcode result; std::stringstream outWriteString; result = curl_easy_setopt(curl, CURLOPT_WRITEDATA, &outWriteString); if (result != CURLE_OK) { std::cerr << "Failed to set CURLOPT_WRITEDATA " << std::endl; return false; } result = curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, myCurlWriteBack); if (result != CURLE_OK) { std::cerr << "Failed to set CURLOPT_WRITEFUNCTION" << std::endl; return false; } result = curl_easy_setopt(curl, CURLOPT_URL, presignedURL.c_str()); if (result != CURLE_OK) { std::cerr << "Failed to set CURLOPT_URL" << std::endl; return false; } result = curl_easy_perform(curl); if (result != CURLE_OK) { std::cerr << "Failed to perform CURL request" << std::endl; return false; } resultString = outWriteString.str(); if (resultString.find("<?xml") == 0) { std::cerr << "Failed to get object, response:\n" << resultString << std::endl; return false; } return true; }
オブジェクトをアップロードするための署名付き URL を生成します。
//! Routine which demonstrates creating a pre-signed URL to upload an object to an //! Amazon Simple Storage Service (Amazon S3) bucket. /*! \param bucketName: Name of the bucket. \param key: Name of an object key. \param clientConfig: Aws client configuration. \return Aws::String: A pre-signed URL. */ Aws::String AwsDoc::S3::generatePreSignedPutObjectUrl(const Aws::String &bucketName, const Aws::String &key, uint64_t expirationSeconds, const Aws::S3::S3ClientConfiguration &clientConfig) { Aws::S3::S3Client client(clientConfig); return client.GeneratePresignedUrl(bucketName, key, Aws::Http::HttpMethod::HTTP_PUT, expirationSeconds); }
libcurl を使用してアップロードします。
static size_t myCurlReadBack(char *buffer, size_t size, size_t nitems, void *userdata) { Aws::StringStream *str = (Aws::StringStream *) userdata; str->read(buffer, size * nitems); return str->gcount(); } static size_t myCurlWriteBack(char *buffer, size_t size, size_t nitems, void *userdata) { Aws::StringStream *str = (Aws::StringStream *) userdata; if (nitems > 0) { str->write(buffer, size * nitems); } return size * nitems; } //! Utility routine to test putObject with a pre-signed URL. /*! \param presignedURL: A pre-signed URL to put an object in a bucket. \param data: Body of the putObject request. \return bool: Function succeeded. */ bool AwsDoc::S3::PutStringWithPresignedObjectURL(const Aws::String &presignedURL, const Aws::String &data) { CURL *curl = curl_easy_init(); CURLcode result; Aws::StringStream readStringStream; readStringStream << data; result = curl_easy_setopt(curl, CURLOPT_READFUNCTION, myCurlReadBack); if (result != CURLE_OK) { std::cerr << "Failed to set CURLOPT_READFUNCTION" << std::endl; return false; } result = curl_easy_setopt(curl, CURLOPT_READDATA, &readStringStream); if (result != CURLE_OK) { std::cerr << "Failed to set CURLOPT_READDATA" << std::endl; return false; } result = curl_easy_setopt(curl, CURLOPT_INFILESIZE_LARGE, (curl_off_t) data.size()); if (result != CURLE_OK) { std::cerr << "Failed to set CURLOPT_INFILESIZE_LARGE" << std::endl; return false; } result = curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, myCurlWriteBack); if (result != CURLE_OK) { std::cerr << "Failed to set CURLOPT_WRITEFUNCTION" << std::endl; return false; } std::stringstream outWriteString; result = curl_easy_setopt(curl, CURLOPT_WRITEDATA, &outWriteString); if (result != CURLE_OK) { std::cerr << "Failed to set CURLOPT_WRITEDATA " << std::endl; return false; } result = curl_easy_setopt(curl, CURLOPT_URL, presignedURL.c_str()); if (result != CURLE_OK) { std::cerr << "Failed to set CURLOPT_URL" << std::endl; return false; } result = curl_easy_setopt(curl, CURLOPT_UPLOAD, 1L); if (result != CURLE_OK) { std::cerr << "Failed to set CURLOPT_PUT" << std::endl; return false; } result = curl_easy_perform(curl); if (result != CURLE_OK) { std::cerr << "Failed to perform CURL request" << std::endl; return false; } std::string outString = outWriteString.str(); if (outString.empty()) { std::cout << "Successfully put object." << std::endl; return true; } else { std::cout << "A server error was encountered, output:\n" << outString << std::endl; return false; } }
- Go
-
- SDK for Go V2
-
注記
GitHub には、その他のリソースもあります。用例一覧を検索し、AWS コード例リポジトリ
での設定と実行の方法を確認してください。 S3 署名アクションをラップする関数を作成します。
// Presigner encapsulates the Amazon Simple Storage Service (Amazon S3) presign actions // used in the examples. // It contains PresignClient, a client that is used to presign requests to Amazon S3. // Presigned requests contain temporary credentials and can be made from any HTTP client. type Presigner struct { PresignClient *s3.PresignClient } // GetObject makes a presigned request that can be used to get an object from a bucket. // The presigned request is valid for the specified number of seconds. func (presigner Presigner) GetObject( bucketName string, objectKey string, lifetimeSecs int64) (*v4.PresignedHTTPRequest, error) { request, err := presigner.PresignClient.PresignGetObject(context.TODO(), &s3.GetObjectInput{ Bucket: aws.String(bucketName), Key: aws.String(objectKey), }, func(opts *s3.PresignOptions) { opts.Expires = time.Duration(lifetimeSecs * int64(time.Second)) }) if err != nil { log.Printf("Couldn't get a presigned request to get %v:%v. Here's why: %v\n", bucketName, objectKey, err) } return request, err } // PutObject makes a presigned request that can be used to put an object in a bucket. // The presigned request is valid for the specified number of seconds. func (presigner Presigner) PutObject( bucketName string, objectKey string, lifetimeSecs int64) (*v4.PresignedHTTPRequest, error) { request, err := presigner.PresignClient.PresignPutObject(context.TODO(), &s3.PutObjectInput{ Bucket: aws.String(bucketName), Key: aws.String(objectKey), }, func(opts *s3.PresignOptions) { opts.Expires = time.Duration(lifetimeSecs * int64(time.Second)) }) if err != nil { log.Printf("Couldn't get a presigned request to put %v:%v. Here's why: %v\n", bucketName, objectKey, err) } return request, err } // DeleteObject makes a presigned request that can be used to delete an object from a bucket. func (presigner Presigner) DeleteObject(bucketName string, objectKey string) (*v4.PresignedHTTPRequest, error) { request, err := presigner.PresignClient.PresignDeleteObject(context.TODO(), &s3.DeleteObjectInput{ Bucket: aws.String(bucketName), Key: aws.String(objectKey), }) if err != nil { log.Printf("Couldn't get a presigned request to delete object %v. Here's why: %v\n", objectKey, err) } return request, err }
署名付き URL を生成して使用し、S3 オブジェクトをアップロード、ダウンロード、削除するインタラクティブな例を実行します。
// RunPresigningScenario is an interactive example that shows you how to get presigned // HTTP requests that you can use to move data into and out of Amazon Simple Storage // Service (Amazon S3). The presigned requests contain temporary credentials and can // be used by an HTTP client. // // 1. Get a presigned request to put an object in a bucket. // 2. Use the net/http package to use the presigned request to upload a local file to the bucket. // 3. Get a presigned request to get an object from a bucket. // 4. Use the net/http package to use the presigned request to download the object to a local file. // 5. Get a presigned request to delete an object from a bucket. // 6. Use the net/http package to use the presigned request to delete the object. // // This example creates an Amazon S3 presign client from the specified sdkConfig so that // you can replace it with a mocked or stubbed config for unit testing. // // It uses a questioner from the `demotools` package to get input during the example. // This package can be found in the ..\..\demotools folder of this repo. // // It uses an IHttpRequester interface to abstract HTTP requests so they can be mocked // during testing. func RunPresigningScenario(sdkConfig aws.Config, questioner demotools.IQuestioner, httpRequester IHttpRequester) { defer func() { if r := recover(); r != nil { fmt.Printf("Something went wrong with the demo.") } }() log.Println(strings.Repeat("-", 88)) log.Println("Welcome to the Amazon S3 presigning demo.") log.Println(strings.Repeat("-", 88)) s3Client := s3.NewFromConfig(sdkConfig) bucketBasics := actions.BucketBasics{S3Client: s3Client} presignClient := s3.NewPresignClient(s3Client) presigner := actions.Presigner{PresignClient: presignClient} bucketName := questioner.Ask("We'll need a bucket. Enter a name for a bucket "+ "you own or one you want to create:", demotools.NotEmpty{}) bucketExists, err := bucketBasics.BucketExists(bucketName) if err != nil { panic(err) } if !bucketExists { err = bucketBasics.CreateBucket(bucketName, sdkConfig.Region) if err != nil { panic(err) } else { log.Println("Bucket created.") } } log.Println(strings.Repeat("-", 88)) log.Printf("Let's presign a request to upload a file to your bucket.") uploadFilename := questioner.Ask("Enter the path to a file you want to upload:", demotools.NotEmpty{}) uploadKey := questioner.Ask("What would you like to name the uploaded object?", demotools.NotEmpty{}) uploadFile, err := os.Open(uploadFilename) if err != nil { panic(err) } defer uploadFile.Close() presignedPutRequest, err := presigner.PutObject(bucketName, uploadKey, 60) if err != nil { panic(err) } log.Printf("Got a presigned %v request to URL:\n\t%v\n", presignedPutRequest.Method, presignedPutRequest.URL) log.Println("Using net/http to send the request...") info, err := uploadFile.Stat() if err != nil { panic(err) } putResponse, err := httpRequester.Put(presignedPutRequest.URL, info.Size(), uploadFile) if err != nil { panic(err) } log.Printf("%v object %v with presigned URL returned %v.", presignedPutRequest.Method, uploadKey, putResponse.StatusCode) log.Println(strings.Repeat("-", 88)) log.Printf("Let's presign a request to download the object.") questioner.Ask("Press Enter when you're ready.") presignedGetRequest, err := presigner.GetObject(bucketName, uploadKey, 60) if err != nil { panic(err) } log.Printf("Got a presigned %v request to URL:\n\t%v\n", presignedGetRequest.Method, presignedGetRequest.URL) log.Println("Using net/http to send the request...") getResponse, err := httpRequester.Get(presignedGetRequest.URL) if err != nil { panic(err) } log.Printf("%v object %v with presigned URL returned %v.", presignedGetRequest.Method, uploadKey, getResponse.StatusCode) defer getResponse.Body.Close() downloadBody, err := io.ReadAll(getResponse.Body) if err != nil { panic(err) } log.Printf("Downloaded %v bytes. Here are the first 100 of them:\n", len(downloadBody)) log.Println(strings.Repeat("-", 88)) log.Println(string(downloadBody[:100])) log.Println(strings.Repeat("-", 88)) log.Println("Let's presign a request to delete the object.") questioner.Ask("Press Enter when you're ready.") presignedDelRequest, err := presigner.DeleteObject(bucketName, uploadKey) if err != nil { panic(err) } log.Printf("Got a presigned %v request to URL:\n\t%v\n", presignedDelRequest.Method, presignedDelRequest.URL) log.Println("Using net/http to send the request...") delResponse, err := httpRequester.Delete(presignedDelRequest.URL) if err != nil { panic(err) } log.Printf("%v object %v with presigned URL returned %v.\n", presignedDelRequest.Method, uploadKey, delResponse.StatusCode) log.Println(strings.Repeat("-", 88)) log.Println("Thanks for watching!") log.Println(strings.Repeat("-", 88)) }
この例で HTTP リクエストを行うために使用する HTTP リクエストラッパーを定義します。
// IHttpRequester abstracts HTTP requests into an interface so it can be mocked during // unit testing. type IHttpRequester interface { Get(url string) (resp *http.Response, err error) Put(url string, contentLength int64, body io.Reader) (resp *http.Response, err error) Delete(url string) (resp *http.Response, err error) } // HttpRequester uses the net/http package to make HTTP requests during the scenario. type HttpRequester struct{} func (httpReq HttpRequester) Get(url string) (resp *http.Response, err error) { return http.Get(url) } func (httpReq HttpRequester) Put(url string, contentLength int64, body io.Reader) (resp *http.Response, err error) { putRequest, err := http.NewRequest("PUT", url, body) if err != nil { return nil, err } putRequest.ContentLength = contentLength return http.DefaultClient.Do(putRequest) } func (httpReq HttpRequester) Delete(url string) (resp *http.Response, err error) { delRequest, err := http.NewRequest("DELETE", url, nil) if err != nil { return nil, err } return http.DefaultClient.Do(delRequest) }
- Java
-
- SDK for Java 2.x
-
注記
GitHub には、その他のリソースもあります。用例一覧を検索し、AWS コード例リポジトリ
での設定と実行の方法を確認してください。 オブジェクトの署名付き URL を生成して、オブジェクトをダウンロードします (GET リクエスト)。
インポート。
import com.example.s3.util.PresignUrlUtils; import org.slf4j.Logger; import software.amazon.awssdk.http.HttpExecuteRequest; import software.amazon.awssdk.http.HttpExecuteResponse; import software.amazon.awssdk.http.SdkHttpClient; import software.amazon.awssdk.http.SdkHttpMethod; import software.amazon.awssdk.http.SdkHttpRequest; import software.amazon.awssdk.http.apache.ApacheHttpClient; import software.amazon.awssdk.services.s3.S3Client; import software.amazon.awssdk.services.s3.model.GetObjectRequest; import software.amazon.awssdk.services.s3.model.S3Exception; import software.amazon.awssdk.services.s3.presigner.S3Presigner; import software.amazon.awssdk.services.s3.presigner.model.GetObjectPresignRequest; import software.amazon.awssdk.services.s3.presigner.model.PresignedGetObjectRequest; import software.amazon.awssdk.utils.IoUtils; import java.io.ByteArrayOutputStream; import java.io.File; import java.io.IOException; import java.io.InputStream; import java.net.HttpURLConnection; import java.net.URISyntaxException; import java.net.URL; import java.net.http.HttpClient; import java.net.http.HttpRequest; import java.net.http.HttpResponse; import java.nio.file.Paths; import java.time.Duration; import java.util.UUID;
URL を生成する。
/* Create a pre-signed URL to download an object in a subsequent GET request. */ public String createPresignedGetUrl(String bucketName, String keyName) { try (S3Presigner presigner = S3Presigner.create()) { GetObjectRequest objectRequest = GetObjectRequest.builder() .bucket(bucketName) .key(keyName) .build(); GetObjectPresignRequest presignRequest = GetObjectPresignRequest.builder() .signatureDuration(Duration.ofMinutes(10)) // The URL will expire in 10 minutes. .getObjectRequest(objectRequest) .build(); PresignedGetObjectRequest presignedRequest = presigner.presignGetObject(presignRequest); logger.info("Presigned URL: [{}]", presignedRequest.url().toString()); logger.info("HTTP method: [{}]", presignedRequest.httpRequest().method()); return presignedRequest.url().toExternalForm(); } }
次の 3 つの方法のいずれかを使用して、オブジェクトをダウンロードします。
JDK
HttpURLConnection
(v1.1 以降) クラスを使用してダウンロードを行います。/* Use the JDK HttpURLConnection (since v1.1) class to do the download. */ public byte[] useHttpUrlConnectionToGet(String presignedUrlString) { ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(); // Capture the response body to a byte array. try { URL presignedUrl = new URL(presignedUrlString); HttpURLConnection connection = (HttpURLConnection) presignedUrl.openConnection(); connection.setRequestMethod("GET"); // Download the result of executing the request. try (InputStream content = connection.getInputStream()) { IoUtils.copy(content, byteArrayOutputStream); } logger.info("HTTP response code is " + connection.getResponseCode()); } catch (S3Exception | IOException e) { logger.error(e.getMessage(), e); } return byteArrayOutputStream.toByteArray(); }
JDK
HttpClient
(v11 以降) クラスを使用してダウンロードを行います。/* Use the JDK HttpClient (since v11) class to do the download. */ public byte[] useHttpClientToGet(String presignedUrlString) { ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(); // Capture the response body to a byte array. HttpRequest.Builder requestBuilder = HttpRequest.newBuilder(); HttpClient httpClient = HttpClient.newHttpClient(); try { URL presignedUrl = new URL(presignedUrlString); HttpResponse<InputStream> response = httpClient.send(requestBuilder .uri(presignedUrl.toURI()) .GET() .build(), HttpResponse.BodyHandlers.ofInputStream()); IoUtils.copy(response.body(), byteArrayOutputStream); logger.info("HTTP response code is " + response.statusCode()); } catch (URISyntaxException | InterruptedException | IOException e) { logger.error(e.getMessage(), e); } return byteArrayOutputStream.toByteArray(); }
AWS SDK for Java
SdkHttpClient
クラスを使用してダウンロードを行います。/* Use the AWS SDK for Java SdkHttpClient class to do the download. */ public byte[] useSdkHttpClientToPut(String presignedUrlString) { ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(); // Capture the response body to a byte array. try { URL presignedUrl = new URL(presignedUrlString); SdkHttpRequest request = SdkHttpRequest.builder() .method(SdkHttpMethod.GET) .uri(presignedUrl.toURI()) .build(); HttpExecuteRequest executeRequest = HttpExecuteRequest.builder() .request(request) .build(); try (SdkHttpClient sdkHttpClient = ApacheHttpClient.create()) { HttpExecuteResponse response = sdkHttpClient.prepareRequest(executeRequest).call(); response.responseBody().ifPresentOrElse( abortableInputStream -> { try { IoUtils.copy(abortableInputStream, byteArrayOutputStream); } catch (IOException e) { throw new RuntimeException(e); } }, () -> logger.error("No response body.")); logger.info("HTTP Response code is {}", response.httpResponse().statusCode()); } } catch (URISyntaxException | IOException e) { logger.error(e.getMessage(), e); } return byteArrayOutputStream.toByteArray(); }
アップロード用の署名付き URL を生成して、ファイルをアップロードします (PUT リクエスト)。
インポート。
import com.example.s3.util.PresignUrlUtils; import org.slf4j.Logger; import software.amazon.awssdk.core.internal.sync.FileContentStreamProvider; import software.amazon.awssdk.http.HttpExecuteRequest; import software.amazon.awssdk.http.HttpExecuteResponse; import software.amazon.awssdk.http.SdkHttpClient; import software.amazon.awssdk.http.SdkHttpMethod; import software.amazon.awssdk.http.SdkHttpRequest; import software.amazon.awssdk.http.apache.ApacheHttpClient; import software.amazon.awssdk.services.s3.S3Client; import software.amazon.awssdk.services.s3.model.PutObjectRequest; import software.amazon.awssdk.services.s3.model.S3Exception; import software.amazon.awssdk.services.s3.presigner.S3Presigner; import software.amazon.awssdk.services.s3.presigner.model.PresignedPutObjectRequest; import software.amazon.awssdk.services.s3.presigner.model.PutObjectPresignRequest; import java.io.File; import java.io.IOException; import java.io.OutputStream; import java.io.RandomAccessFile; import java.net.HttpURLConnection; import java.net.URISyntaxException; import java.net.URL; import java.net.http.HttpClient; import java.net.http.HttpRequest; import java.net.http.HttpResponse; import java.nio.ByteBuffer; import java.nio.channels.FileChannel; import java.nio.file.Path; import java.nio.file.Paths; import java.time.Duration; import java.util.Map; import java.util.UUID;
URL を生成する。
/* Create a presigned URL to use in a subsequent PUT request */ public String createPresignedUrl(String bucketName, String keyName, Map<String, String> metadata) { try (S3Presigner presigner = S3Presigner.create()) { PutObjectRequest objectRequest = PutObjectRequest.builder() .bucket(bucketName) .key(keyName) .metadata(metadata) .build(); PutObjectPresignRequest presignRequest = PutObjectPresignRequest.builder() .signatureDuration(Duration.ofMinutes(10)) // The URL expires in 10 minutes. .putObjectRequest(objectRequest) .build(); PresignedPutObjectRequest presignedRequest = presigner.presignPutObject(presignRequest); String myURL = presignedRequest.url().toString(); logger.info("Presigned URL to upload a file to: [{}]", myURL); logger.info("HTTP method: [{}]", presignedRequest.httpRequest().method()); return presignedRequest.url().toExternalForm(); } }
次の 3 つの方法のいずれかを使用して、オブジェクトをアップロードします。
JDK
HttpURLConnection
(v1.1 以降) クラスを使用してアップロードを行います。/* Use the JDK HttpURLConnection (since v1.1) class to do the upload. */ public void useHttpUrlConnectionToPut(String presignedUrlString, File fileToPut, Map<String, String> metadata) { logger.info("Begin [{}] upload", fileToPut.toString()); try { URL presignedUrl = new URL(presignedUrlString); HttpURLConnection connection = (HttpURLConnection) presignedUrl.openConnection(); connection.setDoOutput(true); metadata.forEach((k, v) -> connection.setRequestProperty("x-amz-meta-" + k, v)); connection.setRequestMethod("PUT"); OutputStream out = connection.getOutputStream(); try (RandomAccessFile file = new RandomAccessFile(fileToPut, "r"); FileChannel inChannel = file.getChannel()) { ByteBuffer buffer = ByteBuffer.allocate(8192); //Buffer size is 8k while (inChannel.read(buffer) > 0) { buffer.flip(); for (int i = 0; i < buffer.limit(); i++) { out.write(buffer.get()); } buffer.clear(); } } catch (IOException e) { logger.error(e.getMessage(), e); } out.close(); connection.getResponseCode(); logger.info("HTTP response code is " + connection.getResponseCode()); } catch (S3Exception | IOException e) { logger.error(e.getMessage(), e); } }
JDK
HttpClient
(v11 以降) クラスを使用してアップロードを行います。/* Use the JDK HttpClient (since v11) class to do the upload. */ public void useHttpClientToPut(String presignedUrlString, File fileToPut, Map<String, String> metadata) { logger.info("Begin [{}] upload", fileToPut.toString()); HttpRequest.Builder requestBuilder = HttpRequest.newBuilder(); metadata.forEach((k, v) -> requestBuilder.header("x-amz-meta-" + k, v)); HttpClient httpClient = HttpClient.newHttpClient(); try { final HttpResponse<Void> response = httpClient.send(requestBuilder .uri(new URL(presignedUrlString).toURI()) .PUT(HttpRequest.BodyPublishers.ofFile(Path.of(fileToPut.toURI()))) .build(), HttpResponse.BodyHandlers.discarding()); logger.info("HTTP response code is " + response.statusCode()); } catch (URISyntaxException | InterruptedException | IOException e) { logger.error(e.getMessage(), e); } }
AWS for Java V2
SdkHttpClient
クラスを使用してアップロードを行います。/* Use the AWS SDK for Java V2 SdkHttpClient class to do the upload. */ public void useSdkHttpClientToPut(String presignedUrlString, File fileToPut, Map<String, String> metadata) { logger.info("Begin [{}] upload", fileToPut.toString()); try { URL presignedUrl = new URL(presignedUrlString); SdkHttpRequest.Builder requestBuilder = SdkHttpRequest.builder() .method(SdkHttpMethod.PUT) .uri(presignedUrl.toURI()); // Add headers metadata.forEach((k, v) -> requestBuilder.putHeader("x-amz-meta-" + k, v)); // Finish building the request. SdkHttpRequest request = requestBuilder.build(); HttpExecuteRequest executeRequest = HttpExecuteRequest.builder() .request(request) .contentStreamProvider(new FileContentStreamProvider(fileToPut.toPath())) .build(); try (SdkHttpClient sdkHttpClient = ApacheHttpClient.create()) { HttpExecuteResponse response = sdkHttpClient.prepareRequest(executeRequest).call(); logger.info("Response code: {}", response.httpResponse().statusCode()); } } catch (URISyntaxException | IOException e) { logger.error(e.getMessage(), e); } }
- JavaScript
-
- SDK for JavaScript (v3)
-
注記
GitHub には、その他のリソースもあります。用例一覧を検索し、AWS コード例リポジトリ
での設定と実行の方法を確認してください。 署名付き URL を作成して、オブジェクトをバケットにアップロードします。
import https from "https"; import { PutObjectCommand, S3Client } from "@aws-sdk/client-s3"; import { fromIni } from "@aws-sdk/credential-providers"; import { HttpRequest } from "@smithy/protocol-http"; import { getSignedUrl, S3RequestPresigner, } from "@aws-sdk/s3-request-presigner"; import { parseUrl } from "@smithy/url-parser"; import { formatUrl } from "@aws-sdk/util-format-url"; import { Hash } from "@smithy/hash-node"; const createPresignedUrlWithoutClient = async ({ region, bucket, key }) => { const url = parseUrl(`https://${bucket}.s3.${region}.amazonaws.com/${key}`); const presigner = new S3RequestPresigner({ credentials: fromIni(), region, sha256: Hash.bind(null, "sha256"), }); const signedUrlObject = await presigner.presign( new HttpRequest({ ...url, method: "PUT" }), ); return formatUrl(signedUrlObject); }; const createPresignedUrlWithClient = ({ region, bucket, key }) => { const client = new S3Client({ region }); const command = new PutObjectCommand({ Bucket: bucket, Key: key }); return getSignedUrl(client, command, { expiresIn: 3600 }); }; function put(url, data) { return new Promise((resolve, reject) => { const req = https.request( url, { method: "PUT", headers: { "Content-Length": new Blob([data]).size } }, (res) => { let responseBody = ""; res.on("data", (chunk) => { responseBody += chunk; }); res.on("end", () => { resolve(responseBody); }); }, ); req.on("error", (err) => { reject(err); }); req.write(data); req.end(); }); } export const main = async () => { const REGION = "us-east-1"; const BUCKET = "example_bucket"; const KEY = "example_file.txt"; // There are two ways to generate a presigned URL. // 1. Use createPresignedUrl without the S3 client. // 2. Use getSignedUrl in conjunction with the S3 client and GetObjectCommand. try { const noClientUrl = await createPresignedUrlWithoutClient({ region: REGION, bucket: BUCKET, key: KEY, }); const clientUrl = await createPresignedUrlWithClient({ region: REGION, bucket: BUCKET, key: KEY, }); // After you get the presigned URL, you can provide your own file // data. Refer to put() above. console.log("Calling PUT using presigned URL without client"); await put(noClientUrl, "Hello World"); console.log("Calling PUT using presigned URL with client"); await put(clientUrl, "Hello World"); console.log("\nDone. Check your S3 console."); } catch (err) { console.error(err); } };
署名付き URL を作成して、オブジェクトをバケットからダウンロードします。
import { GetObjectCommand, S3Client } from "@aws-sdk/client-s3"; import { fromIni } from "@aws-sdk/credential-providers"; import { HttpRequest } from "@smithy/protocol-http"; import { getSignedUrl, S3RequestPresigner, } from "@aws-sdk/s3-request-presigner"; import { parseUrl } from "@smithy/url-parser"; import { formatUrl } from "@aws-sdk/util-format-url"; import { Hash } from "@smithy/hash-node"; const createPresignedUrlWithoutClient = async ({ region, bucket, key }) => { const url = parseUrl(`https://${bucket}.s3.${region}.amazonaws.com/${key}`); const presigner = new S3RequestPresigner({ credentials: fromIni(), region, sha256: Hash.bind(null, "sha256"), }); const signedUrlObject = await presigner.presign(new HttpRequest(url)); return formatUrl(signedUrlObject); }; const createPresignedUrlWithClient = ({ region, bucket, key }) => { const client = new S3Client({ region }); const command = new GetObjectCommand({ Bucket: bucket, Key: key }); return getSignedUrl(client, command, { expiresIn: 3600 }); }; export const main = async () => { const REGION = "us-east-1"; const BUCKET = "example_bucket"; const KEY = "example_file.jpg"; try { const noClientUrl = await createPresignedUrlWithoutClient({ region: REGION, bucket: BUCKET, key: KEY, }); const clientUrl = await createPresignedUrlWithClient({ region: REGION, bucket: BUCKET, key: KEY, }); console.log("Presigned URL without client"); console.log(noClientUrl); console.log("\n"); console.log("Presigned URL with client"); console.log(clientUrl); } catch (err) { console.error(err); } };
-
詳細については、「AWS SDK for JavaScript デベロッパーガイド」を参照してください。
-
- Kotlin
-
- SDK for Kotlin
-
注記
GitHub には、その他のリソースもあります。用例一覧を検索し、AWS コード例リポジトリ
での設定と実行の方法を確認してください。 GetObject
の署名済みリクエストを作成し、その URL を使用してオブジェクトをダウンロードします。suspend fun getObjectPresigned( s3: S3Client, bucketName: String, keyName: String, ): String { // Create a GetObjectRequest. val unsignedRequest = GetObjectRequest { bucket = bucketName key = keyName } // Presign the GetObject request. val presignedRequest = s3.presignGetObject(unsignedRequest, 24.hours) // Use the URL from the presigned HttpRequest in a subsequent HTTP GET request to retrieve the object. val objectContents = URL(presignedRequest.url.toString()).readText() return objectContents }
詳細オプションを使用して
GetObject
署名済みリクエストを作成します。suspend fun getObjectPresignedMoreOptions( s3: S3Client, bucketName: String, keyName: String, ): HttpRequest { // Create a GetObjectRequest. val unsignedRequest = GetObjectRequest { bucket = bucketName key = keyName } // Presign the GetObject request. val presignedRequest = s3.presignGetObject(unsignedRequest, signer = CrtAwsSigner) { signingDate = Instant.now() + 12.hours // Presigned request can be used 12 hours from now. algorithm = AwsSigningAlgorithm.SIGV4_ASYMMETRIC signatureType = AwsSignatureType.HTTP_REQUEST_VIA_QUERY_PARAMS expiresAfter = 8.hours // Presigned request expires 8 hours later. } return presignedRequest }
PutObject
の署名済みリクエストを作成し、それを使用してオブジェクトをアップロードします。suspend fun putObjectPresigned( s3: S3Client, bucketName: String, keyName: String, content: String, ) { // Create a PutObjectRequest. val unsignedRequest = PutObjectRequest { bucket = bucketName key = keyName } // Presign the request. val presignedRequest = s3.presignPutObject(unsignedRequest, 24.hours) // Use the URL and any headers from the presigned HttpRequest in a subsequent HTTP PUT request to retrieve the object. // Create a PUT request using the OKHttpClient API. val putRequest = Request .Builder() .url(presignedRequest.url.toString()) .apply { presignedRequest.headers.forEach { key, values -> header(key, values.joinToString(", ")) } }.put(content.toRequestBody()) .build() val response = OkHttpClient().newCall(putRequest).execute() assert(response.isSuccessful) }
-
詳細については、「AWS SDK for Kotlin デベロッパーガイド」を参照してください。
-
- PHP
-
- SDK for PHP
-
注記
GitHub には、その他のリソースもあります。用例一覧を検索し、AWS コード例リポジトリ
での設定と実行の方法を確認してください。 namespace S3; use Aws\Exception\AwsException; use AwsUtilities\PrintableLineBreak; use AwsUtilities\TestableReadline; use DateTime; require 'vendor/autoload.php'; class PresignedURL { use PrintableLineBreak; use TestableReadline; public function run() { $s3Service = new S3Service(); $expiration = new DateTime("+20 minutes"); $linebreak = $this->getLineBreak(); echo $linebreak; echo ("Welcome to the Amazon S3 presigned URL demo.\n"); echo $linebreak; $bucket = $this->testable_readline("First, please enter the name of the S3 bucket to use: "); $key = $this->testable_readline("Next, provide the key of an object in the given bucket: "); echo $linebreak; $command = $s3Service->getClient()->getCommand('GetObject', [ 'Bucket' => $bucket, 'Key' => $key, ]); try { $preSignedUrl = $s3Service->preSignedUrl($command, $expiration); echo "Your preSignedUrl is \n$preSignedUrl\nand will be good for the next 20 minutes.\n"; echo $linebreak; echo "Thanks for trying the Amazon S3 presigned URL demo.\n"; } catch (AwsException $exception) { echo $linebreak; echo "Something went wrong: $exception"; die(); } } } $runner = new PresignedURL(); $runner->run();
- Python
-
- SDK for Python (Boto3)
-
注記
GitHub には、その他のリソースもあります。用例一覧を検索し、AWS コード例リポジトリ
での設定と実行の方法を確認してください。 S3 アクションを期間限定で実行できる署名付き URL を生成します。Requests パッケージを使用して、URL でリクエストを行います。
import argparse import logging import boto3 from botocore.exceptions import ClientError import requests logger = logging.getLogger(__name__) def generate_presigned_url(s3_client, client_method, method_parameters, expires_in): """ Generate a presigned Amazon S3 URL that can be used to perform an action. :param s3_client: A Boto3 Amazon S3 client. :param client_method: The name of the client method that the URL performs. :param method_parameters: The parameters of the specified client method. :param expires_in: The number of seconds the presigned URL is valid for. :return: The presigned URL. """ try: url = s3_client.generate_presigned_url( ClientMethod=client_method, Params=method_parameters, ExpiresIn=expires_in ) logger.info("Got presigned URL: %s", url) except ClientError: logger.exception( "Couldn't get a presigned URL for client method '%s'.", client_method ) raise return url def usage_demo(): logging.basicConfig(level=logging.INFO, format="%(levelname)s: %(message)s") print("-" * 88) print("Welcome to the Amazon S3 presigned URL demo.") print("-" * 88) parser = argparse.ArgumentParser() parser.add_argument("bucket", help="The name of the bucket.") parser.add_argument( "key", help="For a GET operation, the key of the object in Amazon S3. For a " "PUT operation, the name of a file to upload.", ) parser.add_argument("action", choices=("get", "put"), help="The action to perform.") args = parser.parse_args() s3_client = boto3.client("s3") client_action = "get_object" if args.action == "get" else "put_object" url = generate_presigned_url( s3_client, client_action, {"Bucket": args.bucket, "Key": args.key}, 1000 ) print("Using the Requests package to send a request to the URL.") response = None if args.action == "get": response = requests.get(url) elif args.action == "put": print("Putting data to the URL.") try: with open(args.key, "r") as object_file: object_text = object_file.read() response = requests.put(url, data=object_text) except FileNotFoundError: print( f"Couldn't find {args.key}. For a PUT operation, the key must be the " f"name of a file that exists on your computer." ) if response is not None: print("Got response:") print(f"Status: {response.status_code}") print(response.text) print("-" * 88) if __name__ == "__main__": usage_demo()
署名付き POST リクエストを生成して、ファイルをアップロードします。
class BucketWrapper: """Encapsulates S3 bucket actions.""" def __init__(self, bucket): """ :param bucket: A Boto3 Bucket resource. This is a high-level resource in Boto3 that wraps bucket actions in a class-like structure. """ self.bucket = bucket self.name = bucket.name def generate_presigned_post(self, object_key, expires_in): """ Generate a presigned Amazon S3 POST request to upload a file. A presigned POST can be used for a limited time to let someone without an AWS account upload a file to a bucket. :param object_key: The object key to identify the uploaded object. :param expires_in: The number of seconds the presigned POST is valid. :return: A dictionary that contains the URL and form fields that contain required access data. """ try: response = self.bucket.meta.client.generate_presigned_post( Bucket=self.bucket.name, Key=object_key, ExpiresIn=expires_in ) logger.info("Got presigned POST URL: %s", response["url"]) except ClientError: logger.exception( "Couldn't get a presigned POST URL for bucket '%s' and object '%s'", self.bucket.name, object_key, ) raise return response
- Ruby
-
- SDK for Ruby
-
注記
GitHub には、その他のリソースもあります。用例一覧を検索し、AWS コード例リポジトリ
での設定と実行の方法を確認してください。 require "aws-sdk-s3" require "net/http" # Creates a presigned URL that can be used to upload content to an object. # # @param bucket [Aws::S3::Bucket] An existing Amazon S3 bucket. # @param object_key [String] The key to give the uploaded object. # @return [URI, nil] The parsed URI if successful; otherwise nil. def get_presigned_url(bucket, object_key) url = bucket.object(object_key).presigned_url(:put) puts "Created presigned URL: #{url}" URI(url) rescue Aws::Errors::ServiceError => e puts "Couldn't create presigned URL for #{bucket.name}:#{object_key}. Here's why: #{e.message}" end # Example usage: def run_demo bucket_name = "amzn-s3-demo-bucket" object_key = "my-file.txt" object_content = "This is the content of my-file.txt." bucket = Aws::S3::Bucket.new(bucket_name) presigned_url = get_presigned_url(bucket, object_key) return unless presigned_url response = Net::HTTP.start(presigned_url.host) do |http| http.send_request("PUT", presigned_url.request_uri, object_content, "content_type" => "") end case response when Net::HTTPSuccess puts "Content uploaded!" else puts response.value end end run_demo if $PROGRAM_NAME == __FILE__
- Rust
-
- SDK for Rust
-
注記
GitHub には、その他のリソースもあります。用例一覧を検索し、AWS コード例リポジトリ
での設定と実行の方法を確認してください。 GET S3 オブジェクトへの事前署名リクエストを作成します。
/// Generate a URL for a presigned GET request. async fn get_object( client: &Client, bucket: &str, object: &str, expires_in: u64, ) -> Result<(), Box<dyn Error>> { let expires_in = Duration::from_secs(expires_in); let presigned_request = client .get_object() .bucket(bucket) .key(object) .presigned(PresigningConfig::expires_in(expires_in)?) .await?; println!("Object URI: {}", presigned_request.uri()); let valid_until = chrono::offset::Local::now() + expires_in; println!("Valid until: {valid_until}"); Ok(()) }
PUT S3 オブジェクトへの事前署名リクエストを作成します。
async fn put_object( client: &Client, bucket: &str, object: &str, expires_in: u64, ) -> Result<String, S3ExampleError> { let expires_in: std::time::Duration = std::time::Duration::from_secs(expires_in); let expires_in: aws_sdk_s3::presigning::PresigningConfig = PresigningConfig::expires_in(expires_in).map_err(|err| { S3ExampleError::new(format!( "Failed to convert expiration to PresigningConfig: {err:?}" )) })?; let presigned_request = client .put_object() .bucket(bucket) .key(object) .presigned(expires_in) .await?; Ok(presigned_request.uri().into()) }
AWS SDK デベロッパーガイドとコード例の完全なリストについては、「このサービスを AWS SDK で使用する」を参照してください。このトピックには、使用開始方法に関する情報と、以前の SDK バージョンの詳細も含まれています。