12

My code accesses a PDF file in an Amazon S3 bucket (not public) by generating a pre-signed URL and passing the generated URL into PDF.js to view it in the browser.

I'm having a problem in which I have to generate a pre-signed URL every time I access the PDF file, and I find this cumbersome. My solution for now is to save the pre-signed URL into a database and check whether it has expired or not. If it has expired, then generate a new URL; otherwise use the existing URL.

My question: Is it possible to access an object without using a pre-signed URL?

John Rotenstein
Julio de Leon

1 Answer

16

If your intention is to provide a URL such that a web browser can open the file, then a pre-signed URL is definitely the best method.

If you wanted to access via an API call, then you could call the Amazon S3 API with standard credentials to access private objects, but this won't work in a web browser.

Pre-signed URLs can be created with a few lines of code -- much faster and simpler than storing a URL in a database.

I see you're using Python, so here's some sample code from how to generate url from boto3 in amazon web services:

```python
import boto3

s3Client = boto3.client('s3')
# ExpiresIn is the lifetime of the URL in seconds.
url = s3Client.generate_presigned_url('get_object', Params={'Bucket': 'www.mybucket.com', 'Key': 'hello.txt'}, ExpiresIn=100)
print(url)
```

This code does not make a call to AWS! It is generated locally based on the supplied parameters. I tested this by disconnecting my computer from the network before running generate_presigned_url() and it returned a result immediately.

Therefore, generating a signed URL takes very little effort and effectively no processing time. I don't see why this would be inconvenient for you. (And it's way easier than doing anything with a database!)

John Rotenstein
  • I thought too many generated URLs would slow down my system, so I'm thinking of another way to solve it. – Julio de Leon Jun 15 '17 at 06:05
  • 5
    Huh? The above code takes a few milliseconds to run, and doesn't even use any network or disk. You won't get better than that! – John Rotenstein Jun 15 '17 at 06:27
  • @JohnRotenstein when I use the generate_presigned_url function, it also attaches my "access key id" to the download URL for a file. Is there any way my bucket can remain private without my access key id being exposed as well? – jahmed31 Apr 20 '20 at 13:20
  • 1
    @jahmed31 It is okay for your Access Key to be public. However, you should protect your Secret Access Key (which is used to generate a pre-signed URL but is not shown in the pre-signed URL). It's like the difference between a username and a password. – John Rotenstein Apr 21 '20 at 04:45
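
To illustrate the answer's point that signing is a local computation, and the last comment's point about the Access Key ID versus the Secret Access Key, here is an added example (not from the original thread and not boto3's code) that builds a Signature Version 4 pre-signed GET URL with only the Python standard library. The credentials, bucket, object key, region and the helper names `presign_get` and `url_fields` are constructed for illustration.

```python
import hashlib
import hmac
from datetime import datetime, timezone
from urllib.parse import quote, urlsplit, parse_qs

# Constructed placeholder credentials (assumptions, not real values).
ACCESS_KEY_ID = "AKIAEXAMPLEKEYID0000"
SECRET_ACCESS_KEY = "constructed/secret/for/illustration/only"

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def presign_get(bucket, key, expires_in, now, region="us-east-1",
                access_key=ACCESS_KEY_ID, secret_key=SECRET_ACCESS_KEY):
    """Build a SigV4 pre-signed GET URL locally; no network call is made."""
    host = f"{bucket}.s3.{region}.amazonaws.com"
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")  # `now` is expected in UTC
    day = amz_date[:8]
    scope = f"{day}/{region}/s3/aws4_request"
    params = {
        "X-Amz-Algorithm": "AWS4-HMAC-SHA256",
        "X-Amz-Credential": f"{access_key}/{scope}",  # key ID is visible
        "X-Amz-Date": amz_date,
        "X-Amz-Expires": str(expires_in),  # lifetime in seconds
        "X-Amz-SignedHeaders": "host",
    }
    query = "&".join(f"{quote(k, safe='')}={quote(v, safe='')}"
                     for k, v in sorted(params.items()))
    path = "/" + quote(key, safe="/")
    canonical = "\n".join(["GET", path, query, f"host:{host}", "",
                           "host", "UNSIGNED-PAYLOAD"])
    to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                         hashlib.sha256(canonical.encode()).hexdigest()])
    # The secret only keys the HMAC chain; it is never placed in the URL.
    k = ("AWS4" + secret_key).encode()
    for part in (day, region, "s3", "aws4_request"):
        k = _hmac(k, part)
    signature = hmac.new(k, to_sign.encode(), hashlib.sha256).hexdigest()
    return f"https://{host}{path}?{query}&X-Amz-Signature={signature}"

def url_fields(url):
    """Return the query parameters that anyone holding the URL can read."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}

if __name__ == "__main__":
    t = datetime(2020, 4, 21, 4, 45, tzinfo=timezone.utc)
    url = presign_get("example-bucket", "docs/report.pdf", 100, t)
    print(url_fields(url))
    print("secret in URL:", SECRET_ACCESS_KEY in url)
```

The signing time and lifetime are carried in the URL itself (`X-Amz-Date`, `X-Amz-Expires`), so its expiry can be read back with `url_fields` rather than tracked separately.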