Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Generate S3 pre-signed URL with v4 signature using python boto3

The following does not work:

From the boto 3 docs:

http://boto3.readthedocs.io/en/latest/guide/s3.html#generating-presigned-urls

This is my script with placeholder bucket and key values:

import boto3
import requests
from botocore.client import Config

# Get the service client.
s3 = boto3.client('s3', config=Config(signature_version='s3v4'))

# Generate the URL to get 'key-name' from 'bucket-name'
url = s3.generate_presigned_url(
    ClientMethod='get_object',
    Params={
        'Bucket': 'mybucketname',
        'Key': 'myObject.txt'
    }
)

print url
response = requests.get(url)
print response

S3 responds with a 403:

<Error>
<Code>AccessDenied</Code>
<Message>Access Denied</Message>
<RequestId>B5681E888657E2A1</RequestId>
<HostId>
FMS7oPPOXt4I0KXPPQwdBx2fyxze+ussMmy/BOWLVFusWMoU2zAErE08ez34O6VhSYRvIYFm7Bs=
</HostId>
</Error>
like image 621
RandomUser Avatar asked Sep 21 '17 02:09

RandomUser


People also ask

What are S3 pre-signed URLs?

Pre-signed URLs are used to provide short-term access to a private object in your S3 bucket. They work by appending an AWS Access Key, expiration time, and Sigv4 signature as query parameters to the S3 object. There are two common use cases when you may want to use them: Simple, occasional sharing of private files.

How do I use a pre-signed URL?

When you create a presigned URL, you must provide your security credentials and then specify a bucket name, an object key, an HTTP method (PUT for uploading objects), and an expiration date and time. The presigned URLs are valid only for the specified duration.

How do I create a signed URL?

To create a valid pre-signed URL for your object, you must provide your security credentials, specify a bucket name, an object key, specify the HTTP method (for instance the method is "GET" to download the object) and expiration date and time. Anyone who receives the pre-signed URL can then access the object.


1 Answers

You need to provide aws credentials with your boto3 client. Docs here

If you need help getting access to your credentials on aws you can look here.

import boto3
client = boto3.client(
    's3',
    aws_access_key_id=ACCESS_KEY,
    aws_secret_access_key=SECRET_KEY,
    aws_session_token=SESSION_TOKEN,
)

# Or via the Session
session = boto3.Session(
    aws_access_key_id=ACCESS_KEY,
    aws_secret_access_key=SECRET_KEY,
    aws_session_token=SESSION_TOKEN,
)
like image 180
Kyle Avatar answered Nov 05 '22 20:11

Kyle