What is Amazon S3?
Amazon Simple Storage Service (S3) is a highly durable and scalable cloud storage service provided by Amazon Web Services (AWS). It allows users to store and retrieve data in the form of objects*. With S3, users can securely store and serve a wide range of data types, including images, videos, documents, and more. It includes robust features like versioning** lifecycle management***, and access controls, and it is a popular choice for data storage and management. Files stored in Amazon S3 conveniently come with their own URL which they can be shared and accessed by and these files can be up to 5 terabytes (TB) in size. Files are organized into "buckets", which is essentially a group of files. In this article, we'll explore how to use Amazon S3 and generate pre-signed URLs to securely share objects with others.
What is a Pre-signed URL and Why Use It?
A pre-signed URL is a temporarily valid URL generated by AWS that allows users to access or upload objects to an S3 bucket without requiring AWS credentials. It is called "pre-signed" because it is signed (authorized) with the credentials of the AWS user who generated it. Pre-signed URLs are useful for temporarily sharing files or granting limited-time access to S3 objects, bypassing the need to share AWS credentials or manage complex access controls. The file owner sets the period of validity of the URL, after which, the file cannot be accessed by it.
*Object storage: Object storage is a type of data storage that manages and stores data as objects, rather than files or blocks as in the case of traditional hard drives. Each object consists of data (the file itself), metadata (details about the file nature), and a unique identifier. This is ideal for handling massive amounts of unstructured data
**Versioning: Amazon S3 provides a feature called versioning, which allows you to store multiple versions of an object in a bucket. This can be useful in cases where a file is deleted by accident (can restore an earlier version) or to track changes in files
***S3 Lifecycle Management: Lifecycle Management enables you to manage the classification of your objects throughout their lifespans by defining policies that automatically transition objects to different storage classes, archive, or delete them after a specified period.
Open the AWS management console, search for and select S3
Select "Create Bucket"
Select General purpose for this example
Pick a unique bucket name. Bucket names must be globally unique
Leave default setting for Object Ownership
Leave "Block all public access on its default enabled setting". This will prevent the object from being freely accessed
Notice the option to enable bucket versioning. In this example, it will be left off, however you can enable it to experiment with S3 bucket versioning if you wish
Select Create bucket
Select the created bucket
Click on Upload
Select add a file
Click upload once the file or folder has loaded
Select the checkbox on the newly uploaded item
Select Actions
Select share with a presigned URL
Choose a number of minutes for the URL to be valid and click "Create presigned URL"
The URL will be automatically copied to your clipboard. If not, select "Copy presigned URL" in the green banner at the top of the page
Paste the URL in a browser. If it is a picture, it will display in the browser. If it is any other type of file, it will download automatically.
Note that this URL is only valid for the amount of time specified. The pre-signed URL allows access to the file even though we selected "block all access" when originally creating the S3 bucket. This is convenient because it takes away the need to create file permissions and ensures security by automatically expiring the link.
Top comments (0)