Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Pre-signed url for multiple files?

I have written an implementation for generating pre-signed URLS for a bucket on aws-s3. It works fine, for getting single files/objects.

How would I go about this for generating pre-signed URLS for entire directories? Lets put it this way, on my s3 bucket, there are multiple folders with their own small html5 applications. Each folder has their own set of html, css, js, as well as media files. I wouldn't be generating a pre-signed URL for single object, in this case.

If I give a pre-signed url for a single file, for example: an index.html for a folder, that file would also need to load css, js, and media files as well. Files we don't have a signed url for.

I'm just not too sure on how to go about implementing this.

like image 824
nkl Avatar asked Mar 31 '16 21:03

nkl


People also ask

Can Presigned URL be used multiple times?

A presigned URL is valid only for the specified duration. That is, you must start the action that's allowed by the URL before the expiration date and time. You can use a presigned URL multiple times, up to the expiration date and time.

How do I get a pre-signed URL?

To generate a presigned URL using the AWS Management ConsoleIn the Buckets list, choose the name of the bucket that contains the object that you want a presigned URL for. In the Objects list, select the object that you want to create a presigned URL for. On the Actions menu, choose Share with a presigned URL.

When should I use Presigned URL S3?

Pre-signed URLs are used to provide short-term access to a private object in your S3 bucket. They work by appending an AWS Access Key, expiration time, and Sigv4 signature as query parameters to the S3 object. There are two common use cases when you may want to use them: Simple, occasional sharing of private files.

Is S3 Presigned URL safe?

Pre-signed URLs can be generated for an S3 object, allowing anyone who has the URL to retrieve the S3 object with an HTTP request. Not only is this more secure due to the custom nature of the URL, but the available options also allow you to set an expiration on the URL, the default being one hour.


2 Answers

No, they would need to provide an API to allow you to upload multiple files first. This is a limitation of the API, not pre-signing.

See Is it possible to perform a batch upload to amazon s3?.

like image 143
poida Avatar answered Sep 22 '22 21:09

poida


This is absolutely possible and has been for years. You must use conditions when generating a presigned URL, specifically starts-with. See the official Amazon Documentation.

As an example, here is Python with Boto3 generating a presigned POST url:

    response = s3.generate_presigned_post(         "BUCKET_NAME",         "uploads/${filename}",         Fields=None,         Conditions=[["starts-with", "$key", "uploads/"]],         ExpiresIn=(10 * 60),     ) 
like image 44
John Clarke Mills Avatar answered Sep 23 '22 21:09

John Clarke Mills