How to Share Amazon S3 Files/Objects with External Users Using Presigned URLs | Python SDK Example
Vložit
- čas přidán 8. 05. 2024
- By default, files/objects in Amazon/AWS's Simple Storage Service (S3) are blocked from all public access, which means that users without AWS permissions will get an “AccessDenied” error when trying to access them. But sometimes, you DO need to share files with external users, and presigned URLs are the way to do that.
In this hands-on tutorial, I’ll walk through how to create an S3 bucket (with all public access blocked) and then upload a file to it. We’ll then see how to generate a presigned URL for the file using the Console (in the browser). And then we’ll see how to programmatically create the presigned URL using the Python SDK (in a Cloud9 IDE environment).
Links to videos and documentation referenced:
• Learn the basics of S3: • Amazon/AWS S3 (Simple ...
• AWS documentation for presigned URLs: docs.aws.amazon.com/AmazonS3/...
• boto3 documentation for using credentials with the boto client: boto3.amazonaws.com/v1/docume...
00:00 - Overviewing the need to share S3 files/objects with external users
00:32 - Creating an S3 bucket with no public access
01:31 - Access denied on S3 files
02:10 - Introducing presigned URLs for sharing S3 files
03:20 - Programmatically creating presigned URLs for S3 files using the SDK
04:31 - Implementing Python code to create presigned URLs for S3 files
07:05 - Options for using credentials with the boto3 S3 client
07:38 - Deleting the S3 bucket and Cloud9 environment - Věda a technologie
Happy 2022! You are my AWS genie! Thank you for granting my wish (request for assistance). This is a really practical and useful tutorial and your delivery is, as always, faultless! I look forward to more of your tutorials this year and sincerely appreciate your generous contribution to your subscribers. I wish you every success in growing your channel and encourage everyone reading comment this to get behind you. Thank you...
Happy 2022 back at ya, Tartan! Many thanks for the nice comment and support for the channel! So glad you're finding it useful!
Within seconds of entering this video, I was surprised by how soft and pleasant you voice sounds! Then the content itself is made very easy to understand. It almost feel like I'm in school again and just met a teacher who made me go "hey now that she is teaching this class instead, i can understand it now, and she's so nice too"
Awwwww...this is the nicest comment EVER! Thank you so much! Made my day. 🥰🙏🤓
Thanks for showing both ways though UI and programmatically.
You bet! Thanks for watching! 😊
Fantastic Video... Very straightforward & helpful.. Many thanks..
Yay! I'm so glad! :)
awesome tutorial, thanks for sharing !
Thanks so much, Prabhu! Glad you liked it!
Excellent. Didn't know you could do this.
Glad it helped! Thanks for supporting the channel! 🙏
Thanks a lot for the video.
You bet! Thanks for watching! :)
First, thank you for this straight forward explanation. The reality is though, the need to share one file at a time is rare. Is there a way to create a presign url for a folder with sub-folders that contain objects?
I figured it out from your answer to someone else's question! I've subscribed as well! Thanks again!
Oh, awesome! Glad you were able to find the answer. And welcome to the channel! 🤓🙏🌟
Thanks for your content. Isn't the first 5 gb of an s3 bucket part of aws free tier?
Really great content, thanks for this. Do you know of an optimal approach for generating presigned urls for multiple files at the same time? Let's say we have a web application where we want to request all the images in a bucket belonging to a particular user (which image belongs to who is stored in a database). I guess your backend could loop over all the requested files and generate an individual presigned url for each file, and then send the list back to the frontend for display. Any other thoughts on this approach?
Thanks again!
Thanks, James! :) Yeah, the looping approach you described is the only one I'm aware of. I don't know of a way to create a presigned URL for multiple files. Though I suppose you could zip the files up in S3, and then create a presigned URL to grab the zip?
@@TinyTechnicalTutorials Great, thanks! I think I'll go with the looping approach for now. Keep up the great content!
Cheers! :)
Thank you.
You bet! Thanks for watching! 😊
wow…. thanks … can we provide external user ( non IAM user ) access to whole bucket without making it public?
Hi Gaurav! Unfortunately, the presigned URL only works for a single object within the S3 bucket. If you need to share multiple files, the best approach is probably to compress them into a zip file and then generate a presigned URL for that zip. Hope that helps!
Hi Thanks for sharing the video
One question if the object is located under nested directory then, how this code will work?
After generating the URL, its saying the key does not exist.
Hi Jayant! I haven't tested this out, but try using the folder name as part of the object name (for example, "/foldername/filename.extension"). S3 doesn't truly have folders. The folder name is just part of the object name.
Here are a couple other links that might help:
-stackoverflow.com/questions/56748449/creating-presigned-url-for-a-s3-folder-in-python
-stackoverflow.com/questions/36344194/pre-signed-url-for-multiple-files
Hi Jayant, were you able to solve? I am attempting the same here; when a new zip gets uploaded, lambda gets triggered, for which I create a URL
@@curiousobserver123 yes i solved it, actually it is the issue with the folder naming, there should not be any space in the folder name.
Hello. In simplified terms, this is what I understand about Amazon S3 Files in general... a company or organization would use this to create a speciifc URL to upload a document they want to have available on the web (to be seen or downloaded?). If that URL is created as "open to the public," then anyone searching the internet could find it? Is that correct? Why would a company do this if they have they're own website that could house and provide the document?
Hi Shellene! 👋 Sorry for the slow response! I think you've mostly got it correct, but just to make the distinction clear between a public file and a presigned URL file...
-Public Files: When a file is made public on Amazon S3 (by opening up bucket permissions), it means that anyone with the URL can access it. This is similar to hosting files on a public website. This would be fine for things like public datasets, images for a website, or documents meant for public use. But for sensitive data, it's obviously not a good idea since (as you point out), anyone could access it.
-Presigned URLs: This is a way to provide temporary access to a private file stored in an S3 bucket. This URL includes a signature and an expiration time, after which the URL becomes invalid. The main use case here is to securely share private files without making them publicly accessible to the entire internet. It gives you more control over who can access them and for how long.
I hope that helps? 🤓
I am trying to access some lambda microservices using presigned url. What would be the params in that case? Sorry but I am new to this
Hi Nitin! 😊 Can you give me a little more detail? You're trying to call a Lambda function? Or general a presigned URL from the Lambda function? Which parameters are you passing and from where?
Hello, Thank you for sharing. But I am a bit confused as I am able to share an uploaded PDF file using AWS S3 by simply selecting the uploaded file in my S3 bucket > clicking the OPEN button > opens in a new tab/ window and showing the uploaded PDF file. Then I simply copy the URL and share it with my friends via text/ Whats app/ iMessage/ FB messenger and everyone were able to access the file + Download it. Please let me know if this method (non-coding way) has a time limit of up to 12 hours or any other restrictions.
UPDATE: The URL now shows access denied. Can you suggest a solution so that there is no time limit interval to view the shared object/ file with a client? They have access to it all the time. Thank you!
Hi Sidd! If folks need access all the time, there are a few options. This article does a better job explaining than I will. :) aws.amazon.com/premiumsupport/knowledge-center/presigned-url-s3-bucket-expiration/. Hope it helps!
How can I implement a restriction to allow logged users to download files only? I guess it's not with Pre-signed URLs...
Hi Jose! When you say "logged in," do you mean logged in to the AWS Console? Or logged in to a custom app that you've built?
I’m trying to use the s3 to store all the ebooks and digital content that I have for sale and in the end share the “object” address after payment. You have shared good content and I thank you but … I’m still in the dark.
Hey Dave! Apologies for SUCH a slow response! Hope you were able to sort this out. Let me know if you're still in the dark about anything.