If you want to give your users temporary access to a private S3 file without giving them access to the AWS console, you will need to generate an S3 presigned URL of your target file.
To generate and test the S3 presigned URL, you can try the code below.
import boto3
import requests
# Initialize boto3 to use the S3 client.
s3_client = boto3.client('s3')
# Generate the S3 presigned URL
s3_presigned_url = s3_client.generate_presigned_url(
ClientMethod='get_object',
Params={
'Bucket': 'radishlogic-bucket',
'Key': 's3_folder/notes.txt'
},
ExpiresIn=3600
)
# Print the created S3 presigned URL
print(s3_presigned_url)
Output
https://radishlogic-bucket.s3.amazonaws.com/s3_folder/notes.jpg?AWSAccessKeyId=AKIAV2JPEQJTHYIHEIJF&Signature=gjEZS%2FIRyykKRz3FwRCm6ObZa14%3D&Expires=1679923267
In the code above, we are generating an S3 presigned URL for the object inside the bucket named radishlogic-bucket, with the key of s3_folder/notes.txt.
We are also assigning an expiration of 1 hour (3600 seconds) for the generated URL.
The ExpiresIn
parameter is optional. If you do not include that in your code it will default to the value of 1 hour (3600 seconds).
Once we have generated the S3 presigned URL, we print it in the console.
Accessing the file/object using S3 presigned URL
Once you get the S3 presigned URL, just open an internet browser and enter the URL in the address bar and you will be able to access the target file even if the file is in a private S3 bucket.
You can also access the file by using an HTTP request in Python.
import requests
s3_presigned_url = 'https://radishlogic-bucket.s3.amazonaws.com/s3_folder/notes.txt?AWSAccessKeyId=AKIAV2JPEQJTHYIHEIJF&Signature=LtxyvxUZukdBRZUgVPn3FiIDLaM%3D&Expires=1679940671'
# Use the requests package to retrieve the contents of S3 presigned URL target object
response = requests.get(s3_presigned_url)
# Print the response code
print(response.status_code)
# Print the text content of the S3 presigned URL target object
print(response.text)
This will print the Status Code of the response. Then print the text content of the target S3 object.
Generating S3 presigned URL and accessing the S3 object in a single Python script
I’m adding this here since it is easier to understand the S3 presigned URL when the generation and access are written in a single Python script.
import boto3
import requests
# Initialize boto3 to use the S3 client.
s3_client = boto3.client('s3')
# Generate the S3 presigned URL
s3_presigned_url = s3_client.generate_presigned_url(
ClientMethod='get_object',
Params={
'Bucket': 'radishlogic-bucket',
'Key': 's3_folder/notes.txt'
},
ExpiresIn=3600
)
# Print the created S3 presigned URL
print(s3_presigned_url)
# Use the requests package to retrieve the contents of S3 presigned URL target object
response = requests.get(s3_presigned_url)
# Print the response code
print(response.status_code)
# Print the text content of the S3 presigned URL target object
print(response.text)
FAQ regarding S3 presigned URLs
Can I generate a single S3 presigned URL for multiple S3 objects?
As of now, you can only generate S3 presigned URL only for a single S3 object.
If you want to give access to multiple S3 objects, then you will have to generate an S3 presigned URL for each one of them.
Can I generate an S3 presigned URL to upload files?
Yes, you can. You will need to use the generate_presigned_post()
function of boto3.client
.
I will be writing about this in a future post. For now, you can access the boto3 documentation about it here.
We hope this helps you provide temporary access to specific files inside your S3 Bucket by generating S3 presigned URLs using Python and boto3.
Let us know your experience in the comments below.
Great information! Thank you very much.