DEV Community

AWS S3 and Presigned URL

What are the “presigned URL” in S3? For me, when I first read about it, It sound me a little strange feature, but, when you are reading about AWS, this is a concept that appear from time on time, and you, definitely need to understand it, if want to get ready in your exam preparation. So, let’s go for it!

First of all, according the official doc, the only way to build a presigned URL is with one of the AWS SDK. And, in our case, we are going to use de AWS SDK for Java

After said that, let’s start the post:

Step 01: Starting from the last Step!

Let’s start from the end, the last step, to have one idea about we are going to:

I already have a Java 8 Maven project, with the Maven pom.xml with the dependences to AWS SDK for Java and the sample code from AWS to generate the presigned URL, so, after run it … I get the code 200 with everything Ok:

Image description

We can see that, when we are executing the Java Program “GeneratingPresignedUrlAndUploadObject”, the “Presigned URL” is created and it is printed in the log, and one object is uploaded to an S3 and the API return a 200 (ok) Status Code

Image description

The 200 status code means that the “miobject” was successful created in the S3 bucket:

Image description

Let’s see that the bucket didn’t have public access permissions, but the Java code was able to put a new object from and build the “Presigned URL” for it:

Image description

According to the [official doc with the presigned URL that we have just generated, we can give it to anyone, and although the bucket is still private, the receptor of the presigned URL will be able to access to this buckets objects as soon as the presigned URL creator have this permission ….

In short, If I want to give some permission on a bucket to someone, I can build with one AWS SDK a presigned URL, and give that URL to someone, to let access to bucket resourses, that remain private for everyone but still accesible for me as owner and the person that I gave the presigned URL

Step 02: recap: Where is te code?

This is the sample code:

Image description

You can get it from the Java Maven Project working on my public repo:

Or, in either case, you can get it from, the original AWS Documentation

https://docs.aws.amazon.com/AmazonS3/latest/dev/PresignedUrlUploadObjectJavaSDK.html

Step 03: Let’s build and run

When you have have the source code available is just the half of the road: you need to build and run it, dealing with some things like dependences and environment variables, so, the “plus” in this post, is also show you how is possible to build, and run the source code.

$ git clone https://github.com/PabloEzequiel/shared-images.git
$ cd shared-images/lambda/java-aws-sample
$ mvn clean install

Image description

Image description

Let’s exec the app with:

$ mvn exec:java -Dexec.mainClass="aws.s3sample.GeneratePresignedUrlAndUploadObject"

Image description

There is an error, but that is correct: we need to create the bucket in S3, and upload on IT one S3 object, so, let’s do it now, in the next step:

Step 04: Let’s Upload (PUT) the Object in S3

In the source code we have the name that we should give to the bucket and the name of the object to upload on it:

Image description

First, let’s run $ aws configure to be sure that we are in the right account, and later we can validate it with: $ aws get-sts-identity

Image description

Let’s create the bucket with default (private) access:

Image description

Image description

And now, with the bucket created, let’s exec the app again:
`
$ mvn exec:java -Dexec.mainClass="aws.s3sample.GeneratePresignedUrlAndUploadObject"

Image description

We get the presigned URL, and the Object Created

Image description

Let’s Observe the Java Code:

Image description

`Step 05: Let’s Recover (GET) the Object from S3

Now, the last step is to use the presigned URL, and for simplicity, we will use the presinged URL that we have createdto be accessed with the GET method:

Image description

So, thanks to presigned URL, is posible to recover the Object from a private bucket, and to use it, the user don’t need to interact wit the AWS console, just with the presigned URL that we have generated for him.
**
Final words**

Ok, I will stop the post at this point. We have been able to show from a practical point of view, what is the idea of presigned URL, to give access to someone to our private resources for a short period of time, and how to generate and use it.

That is an interesting concept to understand because it is presente and frequently referenced in AWS certification material as use cases.

I hope you enjoyed it, and let’s see us in the another post!

Pablo
**
Resources**

The Source [Code of This Post can be found on my personal GitHub](https://github.com/PabloEzequiel/shared-images/tree/master/lambda/java-aws-sample)
This post have something about Java, and [this is a good post about How to start with Java and Maven](https://mkyong.com/maven/how-to-create-a-java-project-with-maven/)
The [Official Doc about presigned URL](https://mkyong.com/maven/how-to-create-a-java-project-with-maven/) deal with this concept in detail, but later is up to you make it work, so, that is the idea of one post like this, to show you how the thinks are working.
Enter fullscreen mode Exit fullscreen mode

By the way, the original Post about it, was on my Medium space

I hope you enjoy it!

Top comments (0)