Using the AWS SDK in any language, you can generate a pre-signed URL to an PRIVATE S3 object and then anyone who has the URL can use it download the object. This is explained here:
https://docs.aws.amazon.com/AmazonS3/latest/dev/ShareObjectPreSignedURL.html
This is a great way to reduce load on your own server. You can pass off the actual download work to S3 if your clients with follow a redirect. My question is, does actually generating that URL cost anything--I mean actual MONEY. I understand that USING the URL will incur a GET request charge but what about actually generating the URL? Is it equivalent to an S3 GET request ($.0004 per 1000 requests) or a PUT request ($.005 per 1000 requests) or both or neither or something else? I can't seem to find any documentation this. This is important if you're talking about 10s of millions of requests.
Sign in to the AWS Management Console and open the Amazon S3 console at https://console.aws.amazon.com/s3/ . In the Buckets list, choose the name of the bucket that contains the object that you want a presigned URL for. In the Objects list, select the object that you want to create a presigned URL for.
A presigned URL is a URL that you can provide to your users to grant temporary access to a specific S3 object. Using the URL, a user can either READ the object or WRITE an Object (or update an existing object). The URL contains specific parameters which are set by your application.
A presigned URL gives you access to the object identified in the URL, provided that the creator of the presigned URL has permissions to access that object.
Pre-signed URLs can be generated for an S3 object, allowing anyone who has the URL to retrieve the S3 object with an HTTP request. Not only is this more secure due to the custom nature of the URL, but the available options also allow you to set an expiration on the URL, the default being one hour.
No, it doesn't cost anything. Generating a pre-signed URL is a purely client-side operation. There are no AWS costs associated with this and there is no network activity. The SDK you're using takes your current credentials, the bucket and key for your object, your method of choice (e.g. GET), an expiration time, optional HTTP headers, and calculates and signs a URL, all done locally.
It's worth noting that you can create a pre-signed URL that's not actually usable. If you use invalid, or expired, credentials for example. Or a non-existent bucket or object key. In both cases, you will be able to create a pre-signed URL but access will be denied when the URL is eventually presented to S3.
You can verify this with any SDK or the AWSCLI by going offline and then pre-signing a URL. Here's an example of using the AWSCLI:
aws s3 presign s3://situla/canes/fido.png
This will succeed when your computer is offline, just as it does when online.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With