Is it possible to access a private s3 bucket objects without using a pre-signed URL? (boto3, python)

Question

My code accesses a PDF file in an Amazon S3 bucket (not public) by generating a pre-signed url and pass the generated URL into PDF.js to view it in the browser.

I'm having a problem in which I have to generate a pre-signed url every time I access the PDF file, and I find this cumbersome. My solution for now is to save the pre-signed URL into database and check it, if it has expired or not. If it has expired, then generate a new URL, otherwise use the existing URL.

My question: Is it possible to access an object without using pre-signed URL?

Answer 1

If your intention is to provide a URL such that a web browser can open the file, then a pre-signed URL is definitely the best method.

If you wanted to access via an API call, then you could call the Amazon S3 API with standard credentials to access private objects, but this won't work in a web browser.

Pre-signed URLs can be created with a few lines of code -- much faster and simpler than storing a URL in a database.

I see you're using Python, so here's some sample code from how to generate url from boto3 in amazon web services:

import boto3
s3Client = boto3.client('s3')
s3Client.generate_presigned_url('get_object', Params = {'Bucket': 'www.mybucket.com', 'Key': 'hello.txt'}, ExpiresIn = 100)

This code does not make a call to AWS! It is generated locally based on the supplied parameters. I tested this by disconnecting my computer from the network before running generate_presigned_url() and it returned a result immediately.

Therefore, generating a signed URL takes very little effort and effectively no processing time. I don't see why this would be inconvenient for you. (And it's way easier than doing anything with a database!)