Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Grant Pre-signed style url access to whole directory

I have a node app and am using the aws-sdk. I'm able to successfully call the getSignedUrl() method and get a URL to a specific file. However I'd like to be able to grant * access recursively inside a specific directory rather than just a single file. Is this even possible?

like image 832
jolyonruss Avatar asked Nov 26 '14 15:11

jolyonruss


1 Answers

A Pre-Signed URL permits access to private objects stored on Amazon S3. It is a means of keeping objects secure, yet grant temporary access to a specific object.

It is created via a hash calculation based on the object path, expiry time and a shared Secret Access Key belonging to an account that has permission to access the Amazon S3 object. As such, each pre-signed URL is unique to each object and cannot act as a wildcard for an entire directory.

Some alternatives:

  • Grant public access to all objects in the subdirectory via a Bucket Policy. This means that the objects are no longer private, but it is the easiest way to "publish" a bucket or directory or objects.
  • Access via the API rather than plan URLS, which includes the passing of credentials that can be linked to a User created in Identity and Access Management (IAM). This would involve using a tool such as the AWS Command Line Interface (CLI) to retrieve the objects rather than a web browser and has the benefit that it can copy multiple objects at the same time (just like a normal cp command).

See also: AWS CLI copy command

like image 115
John Rotenstein Avatar answered Oct 13 '22 23:10

John Rotenstein