Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Does generating a pre-signed URL to an S3 object using the AWS SDK cost anything?

Using the AWS SDK in any language, you can generate a pre-signed URL to an PRIVATE S3 object and then anyone who has the URL can use it download the object. This is explained here:

https://docs.aws.amazon.com/AmazonS3/latest/dev/ShareObjectPreSignedURL.html

This is a great way to reduce load on your own server. You can pass off the actual download work to S3 if your clients with follow a redirect. My question is, does actually generating that URL cost anything--I mean actual MONEY. I understand that USING the URL will incur a GET request charge but what about actually generating the URL? Is it equivalent to an S3 GET request ($.0004 per 1000 requests) or a PUT request ($.005 per 1000 requests) or both or neither or something else? I can't seem to find any documentation this. This is important if you're talking about 10s of millions of requests.

like image 797
metaphyze Avatar asked Mar 18 '19 22:03

metaphyze


People also ask

How do I get pre-signed URL S3?

Sign in to the AWS Management Console and open the Amazon S3 console at https://console.aws.amazon.com/s3/ . In the Buckets list, choose the name of the bucket that contains the object that you want a presigned URL for. In the Objects list, select the object that you want to create a presigned URL for.

What are S3 pre-signed URLs?

A presigned URL is a URL that you can provide to your users to grant temporary access to a specific S3 object. Using the URL, a user can either READ the object or WRITE an Object (or update an existing object). The URL contains specific parameters which are set by your application.

What is the main advantage to a pre-signed URL?

A presigned URL gives you access to the object identified in the URL, provided that the creator of the presigned URL has permissions to access that object.

Are S3 pre-signed URLs secure?

Pre-signed URLs can be generated for an S3 object, allowing anyone who has the URL to retrieve the S3 object with an HTTP request. Not only is this more secure due to the custom nature of the URL, but the available options also allow you to set an expiration on the URL, the default being one hour.


1 Answers

No, it doesn't cost anything. Generating a pre-signed URL is a purely client-side operation. There are no AWS costs associated with this and there is no network activity. The SDK you're using takes your current credentials, the bucket and key for your object, your method of choice (e.g. GET), an expiration time, optional HTTP headers, and calculates and signs a URL, all done locally.

It's worth noting that you can create a pre-signed URL that's not actually usable. If you use invalid, or expired, credentials for example. Or a non-existent bucket or object key. In both cases, you will be able to create a pre-signed URL but access will be denied when the URL is eventually presented to S3.

You can verify this with any SDK or the AWSCLI by going offline and then pre-signing a URL. Here's an example of using the AWSCLI:

aws s3 presign s3://situla/canes/fido.png 

This will succeed when your computer is offline, just as it does when online.

like image 196
jarmod Avatar answered Oct 09 '22 22:10

jarmod