I have an S3 bucket that has individual folders that contain different websites. I would like to generate a presigned URL for access to a specific folder, however I would like to have the URL allow access to all objects in that folder. Is this possible?
I'm using the Ruby aws-sdk gem v2.
My existing code looks like this:
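    require 'aws-sdk'

    # Returns a presigned GET URL for a single object key.
    def get_object_url(bucket_name, object_name)
      res = Aws::S3::Resource.new
      obj = res.bucket(bucket_name).object(object_name)
      exp = 1.day # needs ActiveSupport (Rails); otherwise use 24 * 60 * 60
      url = obj.presigned_url(:get, {
        expires_in: exp,
        virtual_host: true # use the bucket name as the hostname
      })
      url
    end

Passing the folder name as object_name doesn't work.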
If the IAM user and S3 bucket belong to the same AWS account, then you can grant the user access to a specific bucket folder using an IAM policy. As long as the bucket policy doesn't explicitly deny the user access to the folder, you don't need to update the bucket policy if access is granted by the IAM policy.
Pre-signed URLs are used to provide short-term access to a private object in your S3 bucket. They work by appending an AWS Access Key, expiration time, and SigV4 signature as query parameters to the S3 object. There are two common use cases when you may want to use them: Simple, occasional sharing of private files.
S3 pre-signed URLs are a form of an S3 URL that temporarily grants restricted access to a single S3 object to perform a single operation — either PUT or GET — for a predefined time limit. To break it down: It is secure — the URL is signed using an AWS access key.
To generate a presigned URL using the AWS Management Console: In the Buckets list, choose the name of the bucket that contains the object that you want a presigned URL for. In the Objects list, select the object that you want to create a presigned URL for. On the Actions menu, choose Share with a presigned URL.
No, S3 doesn't really have a true concept of a folder. The folders are "created" using segments of the object paths. They do not exist independently of objects.
I recently had this problem and I could find a solution with custom policies for signed URLs using CloudFront.
It has some pros and cons; the main one is that you don't need to sign for each object, so it is much faster if you need to share many objects. But it goes, like, outside of AWS traffic.
http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-creating-signed-url-custom-policy.html
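The custom-policy approach from the answer above, as an added example that is not part of the original answer: it signs one policy with a wildcard Resource using Ruby's OpenSSL directly (not the SDK's own signer) and reuses the resulting query string for every object under the prefix. The distribution domain, key pair ID, prefix and throwaway RSA key are constructed sample values.

```ruby
require 'openssl'
require 'base64'
require 'json'

# CloudFront's URL-safe base64 variant: '+' -> '-', '=' -> '_', '/' -> '~'.
def cf_encode(bytes)
  Base64.strict_encode64(bytes).tr('+=/', '-_~')
end

def cf_decode(text)
  Base64.strict_decode64(text.tr('-_~', '+=/'))
end

# Custom policy whose Resource ends in a wildcard, so one signature covers
# every object under the prefix until expires_at. No whitespace in the JSON.
def folder_policy(base_url, prefix, expires_at)
  JSON.generate(
    'Statement' => [{
      'Resource'  => "#{base_url}/#{prefix}/*",
      'Condition' => { 'DateLessThan' => { 'AWS:EpochTime' => expires_at.to_i } }
    }]
  )
end

# Sign the policy once (RSA with SHA-1, as CloudFront custom policies use);
# the query string can be appended to any object URL under the prefix.
def signed_query(policy, private_key, key_pair_id)
  signature = private_key.sign(OpenSSL::Digest.new('SHA1'), policy)
  "Policy=#{cf_encode(policy)}&Signature=#{cf_encode(signature)}&Key-Pair-Id=#{key_pair_id}"
end

# Constructed sample values (assumptions, not from the original post).
KEY      = OpenSSL::PKey::RSA.new(2048) # throwaway key standing in for the signer key
BASE_URL = 'https://d111111abcdef8.cloudfront.net'
EXPIRES  = Time.utc(2030, 1, 1)
POLICY   = folder_policy(BASE_URL, 'site-a', EXPIRES)
QUERY    = signed_query(POLICY, KEY, 'KEXAMPLEKEYID')

# Two different objects in the same "folder" share the same signed query.
def example_urls
  %w[index.html css/main.css].map { |path| "#{BASE_URL}/site-a/#{path}?#{QUERY}" }
end

puts example_urls
```

Anyone holding the query string can read every object matching the wildcard until the expiry, so keep the prefix narrow and the lifetime short.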
My workaround will be to compress files and folder structure into an archive (like zip) and just upload that single object (file) to the presigned URL.