How to Share Amazon S3 Files/Objects with External Users Using Presigned URLs | Python SDK Example
By default, files/objects in Amazon/AWS's Simple Storage Service (S3) are blocked from all public access, which means that users without AWS permissions will get an “AccessDenied” error when trying to access them. But sometimes, you DO need to share files with external users, and presigned URLs are the way to do that.
In this hands-on tutorial, I’ll walk through how to create an S3 bucket (with all public access blocked) and then upload a file to it. We’ll then see how to generate a presigned URL for the file using the Console (in the browser). And then we’ll see how to programmatically create the presigned URL using the Python SDK (in a Cloud9 IDE environment).
Links to videos and documentation referenced:
• Learn the basics of S3: • Amazon/AWS S3 (Simple ...
• AWS documentation for presigned URLs: docs.aws.amazo...
• boto3 documentation for using credentials with the boto client: boto3.amazonaw...
00:00 - Overviewing the need to share S3 files/objects with external users
00:32 - Creating an S3 bucket with no public access
01:31 - Access denied on S3 files
02:10 - Introducing presigned URLs for sharing S3 files
03:20 - Programmatically creating presigned URLs for S3 files using the SDK
04:31 - Implementing Python code to create presigned URLs for S3 files
07:05 - Options for using credentials with the boto3 S3 client
07:38 - Deleting the S3 bucket and Cloud9 environment
Пікірлер: 47
Best AWS tutorials around! Thank you so much for showing actual use cases in a delightful manner. You’ve probably saved weeks of my life😅
Within seconds of entering this video, I was surprised by how soft and pleasant you voice sounds! Then the content itself is made very easy to understand. It almost feel like I'm in school again and just met a teacher who made me go "hey now that she is teaching this class instead, i can understand it now, and she's so nice too"
@TinyTechnicalTutorials
11 ай бұрын
Awwwww...this is the nicest comment EVER! Thank you so much! Made my day. 🥰🙏🤓
Happy 2022! You are my AWS genie! Thank you for granting my wish (request for assistance). This is a really practical and useful tutorial and your delivery is, as always, faultless! I look forward to more of your tutorials this year and sincerely appreciate your generous contribution to your subscribers. I wish you every success in growing your channel and encourage everyone reading comment this to get behind you. Thank you...
@TinyTechnicalTutorials
2 жыл бұрын
Happy 2022 back at ya, Tartan! Many thanks for the nice comment and support for the channel! So glad you're finding it useful!
Thanks for showing both ways though UI and programmatically.
@TinyTechnicalTutorials
Жыл бұрын
You bet! Thanks for watching! 😊
Thanks for your content. Isn't the first 5 gb of an s3 bucket part of aws free tier?
@TinyTechnicalTutorials
3 ай бұрын
Yes! You got it. 👍 5GB of standard storage, 20,000 Get requests and 2,000 Put requests.
Hello. In simplified terms, this is what I understand about Amazon S3 Files in general... a company or organization would use this to create a speciifc URL to upload a document they want to have available on the web (to be seen or downloaded?). If that URL is created as "open to the public," then anyone searching the internet could find it? Is that correct? Why would a company do this if they have they're own website that could house and provide the document?
@TinyTechnicalTutorials
5 ай бұрын
Hi Shellene! 👋 Sorry for the slow response! I think you've mostly got it correct, but just to make the distinction clear between a public file and a presigned URL file... -Public Files: When a file is made public on Amazon S3 (by opening up bucket permissions), it means that anyone with the URL can access it. This is similar to hosting files on a public website. This would be fine for things like public datasets, images for a website, or documents meant for public use. But for sensitive data, it's obviously not a good idea since (as you point out), anyone could access it. -Presigned URLs: This is a way to provide temporary access to a private file stored in an S3 bucket. This URL includes a signature and an expiration time, after which the URL becomes invalid. The main use case here is to securely share private files without making them publicly accessible to the entire internet. It gives you more control over who can access them and for how long. I hope that helps? 🤓
I am trying to access some lambda microservices using presigned url. What would be the params in that case? Sorry but I am new to this
@TinyTechnicalTutorials
Жыл бұрын
Hi Nitin! 😊 Can you give me a little more detail? You're trying to call a Lambda function? Or general a presigned URL from the Lambda function? Which parameters are you passing and from where?
How can I implement a restriction to allow logged users to download files only? I guess it's not with Pre-signed URLs...
@TinyTechnicalTutorials
Жыл бұрын
Hi Jose! When you say "logged in," do you mean logged in to the AWS Console? Or logged in to a custom app that you've built?
wow…. thanks … can we provide external user ( non IAM user ) access to whole bucket without making it public?
@TinyTechnicalTutorials
2 жыл бұрын
Hi Gaurav! Unfortunately, the presigned URL only works for a single object within the S3 bucket. If you need to share multiple files, the best approach is probably to compress them into a zip file and then generate a presigned URL for that zip. Hope that helps!
Hi Thanks for sharing the video One question if the object is located under nested directory then, how this code will work? After generating the URL, its saying the key does not exist.
@TinyTechnicalTutorials
Жыл бұрын
Hi Jayant! I haven't tested this out, but try using the folder name as part of the object name (for example, "/foldername/filename.extension"). S3 doesn't truly have folders. The folder name is just part of the object name. Here are a couple other links that might help: -stackoverflow.com/questions/56748449/creating-presigned-url-for-a-s3-folder-in-python -stackoverflow.com/questions/36344194/pre-signed-url-for-multiple-files
@curiousobserver123
Жыл бұрын
Hi Jayant, were you able to solve? I am attempting the same here; when a new zip gets uploaded, lambda gets triggered, for which I create a URL
@jayant5555
Жыл бұрын
@@curiousobserver123 yes i solved it, actually it is the issue with the folder naming, there should not be any space in the folder name.
Excellent. Didn't know you could do this.
@TinyTechnicalTutorials
Жыл бұрын
Glad it helped! Thanks for supporting the channel! 🙏
Fantastic Video... Very straightforward & helpful.. Many thanks..
@TinyTechnicalTutorials
Жыл бұрын
Yay! I'm so glad! :)
awesome tutorial, thanks for sharing !
@TinyTechnicalTutorials
2 жыл бұрын
Thanks so much, Prabhu! Glad you liked it!
First, thank you for this straight forward explanation. The reality is though, the need to share one file at a time is rare. Is there a way to create a presign url for a folder with sub-folders that contain objects?
@dfelton316
Жыл бұрын
I figured it out from your answer to someone else's question! I've subscribed as well! Thanks again!
@TinyTechnicalTutorials
Жыл бұрын
Oh, awesome! Glad you were able to find the answer. And welcome to the channel! 🤓🙏🌟
Really great content, thanks for this. Do you know of an optimal approach for generating presigned urls for multiple files at the same time? Let's say we have a web application where we want to request all the images in a bucket belonging to a particular user (which image belongs to who is stored in a database). I guess your backend could loop over all the requested files and generate an individual presigned url for each file, and then send the list back to the frontend for display. Any other thoughts on this approach? Thanks again!
@TinyTechnicalTutorials
Жыл бұрын
Thanks, James! :) Yeah, the looping approach you described is the only one I'm aware of. I don't know of a way to create a presigned URL for multiple files. Though I suppose you could zip the files up in S3, and then create a presigned URL to grab the zip?
@lifelessalarm
Жыл бұрын
@@TinyTechnicalTutorials Great, thanks! I think I'll go with the looping approach for now. Keep up the great content!
@TinyTechnicalTutorials
Жыл бұрын
Cheers! :)
Hello, Thank you for sharing. But I am a bit confused as I am able to share an uploaded PDF file using AWS S3 by simply selecting the uploaded file in my S3 bucket > clicking the OPEN button > opens in a new tab/ window and showing the uploaded PDF file. Then I simply copy the URL and share it with my friends via text/ Whats app/ iMessage/ FB messenger and everyone were able to access the file + Download it. Please let me know if this method (non-coding way) has a time limit of up to 12 hours or any other restrictions.
@siddheshveer
2 жыл бұрын
UPDATE: The URL now shows access denied. Can you suggest a solution so that there is no time limit interval to view the shared object/ file with a client? They have access to it all the time. Thank you!
@TinyTechnicalTutorials
2 жыл бұрын
Hi Sidd! If folks need access all the time, there are a few options. This article does a better job explaining than I will. :) aws.amazon.com/premiumsupport/knowledge-center/presigned-url-s3-bucket-expiration/. Hope it helps!
Great content!
@TinyTechnicalTutorials
3 ай бұрын
Yay!!! I'm so glad it helped. Thanks for supporting the channel, and for such a nice comment! 🙏🌟
Thanks a lot for the video.
@TinyTechnicalTutorials
Жыл бұрын
You bet! Thanks for watching! :)
I’m trying to use the s3 to store all the ebooks and digital content that I have for sale and in the end share the “object” address after payment. You have shared good content and I thank you but … I’m still in the dark.
@TinyTechnicalTutorials
Жыл бұрын
Hey Dave! Apologies for SUCH a slow response! Hope you were able to sort this out. Let me know if you're still in the dark about anything.
Thank you.
@TinyTechnicalTutorials
Жыл бұрын
You bet! Thanks for watching! 😊