Share files from a bucket with presign keys
Purpose
AWS presigned URLs (or presign keys) are used to grant temporary access to objects in Amazon S3 without requiring the recipient to have AWS security credentials. Here are the main purposes:
- Download Access: You can generate a presigned URL to allow someone to download an object from your S3 bucket without needing their own AWS credentials
- Upload Access: Similarly, you can create a presigned URL to permit someone to upload a specific object to your S3 bucket
- Time-Limited Access: The access provided by a presigned URL is time-limited, meaning it will expire after a specified duration
This is particularly useful for sharing files securely or allowing temporary uploads without exposing your AWS credentials.
Warning: only files can be shared this way, so if you want to share a folder, you have to create an archive of this folder first.
Prerequisite
The bucket has to be open to the outside. If that is not the case, send an email to helpdesk@unil.ch with the subject starting with "DCSR S3 bucket".
Create a presign key with aws-cli
You can either install awscli on your laptop, since it's a simple Python package, or use it from the cluster (there is a module called awscli-v2 that you can simply load).
Configuration
If it's not configured yet, you can run the aws configure command. This will ask you for:
- AWS Access Key ID: you have to provide the read/write access key corresponding to your bucket
- AWS Secret Access Key: you have to provide the read/write secret key corresponding to your bucket
- Default region name: you can put us-east-1
- Default output format: you can put json
This will create two files:
- ~/.aws/config
- ~/.aws/credentials
Presign key creation
Let's say you want to share the file to_share/important_file.gz from the bucket recn-fac-fbm-dep-greatpi-data. You can use the following command:
aws --endpoint-url=https://s3.unil.ch s3 presign \
s3://recn-fac-fbm-dep-greatpi-data/to_share/important_file.gz \
--expires-in 604800
The value given with the --expires-in parameter is the validity of the link, expressed in seconds. The maximum validity is 7 days.
This command will return a link that can be shared with your external collaborator.
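The returned link carries its own expiry in the query string, so it can be checked before it is sent to a collaborator. The following is an added example, not part of the original page: it assumes the link uses one of the two AWS query-string signing formats (X-Amz-Date with X-Amz-Expires, or Expires), and the function names, sample link, key ID and signature are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, unquote, urlsplit

MAX_LIFETIME = timedelta(days=7)  # maximum validity stated on this page

# Constructed sample link: key id and signature are placeholders, not real values.
SAMPLE_URL = (
    "https://s3.unil.ch/recn-fac-fbm-dep-greatpi-data/to_share/important_file.gz"
    "?X-Amz-Algorithm=AWS4-HMAC-SHA256"
    "&X-Amz-Credential=EXAMPLEKEYID%2F20240102%2Fus-east-1%2Fs3%2Faws4_request"
    "&X-Amz-Date=20240102T030405Z&X-Amz-Expires=604800"
    "&X-Amz-SignedHeaders=host&X-Amz-Signature=0000"
)


def inspect_presigned_url(url):
    """Return what a presigned link reveals: object path, key id, expiry."""
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    info = {"host": parts.netloc, "path": unquote(parts.path)}
    if "X-Amz-Date" in q and "X-Amz-Expires" in q:
        # Signature Version 4: signing time plus a lifetime in seconds.
        signed = datetime.strptime(q["X-Amz-Date"], "%Y%m%dT%H%M%SZ")
        signed = signed.replace(tzinfo=timezone.utc)
        lifetime = timedelta(seconds=int(q["X-Amz-Expires"]))
        info.update(scheme="sigv4", lifetime=lifetime,
                    expires_at=signed + lifetime,
                    within_limit=lifetime <= MAX_LIFETIME,
                    access_key_id=q.get("X-Amz-Credential", "").split("/")[0])
    elif "Expires" in q:
        # Signature Version 2: absolute expiry as a Unix timestamp.
        info.update(scheme="sigv2", lifetime=None, within_limit=None,
                    expires_at=datetime.fromtimestamp(int(q["Expires"]), tz=timezone.utc),
                    access_key_id=q.get("AWSAccessKeyId", ""))
    else:
        raise ValueError("no presign parameters found in the URL")
    return info


def seconds_left(info, now=None):
    """Remaining validity in seconds (0 once the link has expired)."""
    now = now or datetime.now(timezone.utc)
    return max(0, int((info["expires_at"] - now).total_seconds()))


if __name__ == "__main__":
    details = inspect_presigned_url(SAMPLE_URL)
    print(details["path"], details["expires_at"].isoformat(), seconds_left(details))
```

The access key ID is readable by anyone who receives the link; the secret key is not part of it.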
Create a presign key with Cyberduck
Once your connection to the bucket is configured in Cyberduck, you can browse it. Right-click the file you want to share, choose "Copy URL", and pick one of the 3 expiration options (1 hour, 1 day, 1 week). Finally, just paste the result somewhere to get the link.