Is it possible to share files for selective users using Amazon S3
I have a few files in my S3 bucket. Is it possible to share them with selected users? Those people might not have an Amazon S3 account. I know that if I make it public, everyone would be able to download the files using the URL.
I want something like an encrypted URL, or a URL that asks for a username and password immediately when it is hit.
Also, I do not want everyone to have to install any new or third-party software.
Thanks
Absolutely.
You can make your files private and then generate time-expiring signed URLs to your files.
The signed URLs are generated using your public key and secret key and are set to expire at a specified time in the future.
Depending on what technology you are using, it's probably easiest to generate the URLs using one of the AWS SDKs.
Signed URLs look something like:
http://[bucket].s3.amazonaws.com/[key]?AWSAccessKeyId=[AWS_Public_Key]&Expires=1294766482&Signature=[generated_hash]
I explain a bit more about these URLs in this answer.
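How the Expires and Signature parameters in the URL format above are bound together, as an added example (not code from any of the answers or from the AWS SDK). It follows the legacy Signature Version 2 query-string scheme that this URL format belongs to; the keys, bucket and object name are constructed placeholders, and `check_v2` is a hypothetical stand-in for the check the service performs.

```ruby
require 'openssl'
require 'uri'

# Signature Version 2 query-string auth for a plain GET. The string to sign is:
# verb, Content-MD5, Content-Type, Expires, canonical resource.
def sigv2_signature(secret_key, bucket, key, expires)
  string_to_sign = "GET\n\n\n#{expires}\n/#{bucket}/#{key}"
  digest = OpenSSL::HMAC.digest('sha1', secret_key, string_to_sign)
  [digest].pack('m0') # strict Base64, no line breaks
end

# Build the URL. Only the access key id and the HMAC appear in it,
# never the secret key itself.
def presign_v2(access_key_id, secret_key, bucket, key, expires)
  query = URI.encode_www_form(
    'AWSAccessKeyId' => access_key_id,
    'Expires'        => expires,
    'Signature'      => sigv2_signature(secret_key, bucket, key, expires)
  )
  "https://#{bucket}.s3.amazonaws.com/#{key}?#{query}"
end

# Hypothetical stand-in for the service-side check: recompute the HMAC from
# the request's own Expires value, compare, then enforce the deadline.
def check_v2(url, secret_key, now)
  uri      = URI.parse(url)
  params   = URI.decode_www_form(uri.query.to_s).to_h
  bucket   = uri.host.split('.').first
  key      = uri.path.delete_prefix('/')
  expires  = params['Expires'].to_i
  expected = sigv2_signature(secret_key, bucket, key, expires)
  return :bad_signature unless OpenSSL.secure_compare(expected, params['Signature'].to_s)
  now.to_i > expires ? :expired : :ok
end

# Constructed sample values, not real credentials.
ACCESS_KEY_ID = 'AKIDEXAMPLE'
SECRET_KEY    = 'constructed-secret-for-illustration'
EXPIRES       = 1_294_766_482
SAMPLE_URL    = presign_v2(ACCESS_KEY_ID, SECRET_KEY, 'my-bucket', 'reports/q1.pdf', EXPIRES)

if __FILE__ == $PROGRAM_NAME
  puts SAMPLE_URL
  puts check_v2(SAMPLE_URL, SECRET_KEY, EXPIRES - 60) # within the window
  puts check_v2(SAMPLE_URL, SECRET_KEY, EXPIRES + 1)  # after the deadline
  extended = SAMPLE_URL.sub("Expires=#{EXPIRES}", "Expires=#{EXPIRES + 86_400}")
  puts check_v2(extended, SECRET_KEY, EXPIRES + 1)    # edited deadline
end
```

Because Expires is part of the signed string, a recipient who edits it to extend the link gets a signature mismatch rather than more time.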
Here is some sample Ruby code to generate signed URLs for a particular location in your bucket.
Install aws-sdk:
gem install aws-sdk
Create a new file and name it as you want; I chose shareS3files.rb
See it on gist.github.com:
#!/usr/bin/env ruby
require 'aws-sdk'
require 'json'
# Load credentials
creds = JSON.load(File.read('secrets.json'))
creds = Aws::Credentials.new(creds['AccessKeyId'], creds['SecretAccessKey'])
# Load config
conf = JSON.load(File.read('config.json'))
# Create a new S3 client
s3 = Aws::S3::Client.new(credentials: creds, region: conf['Region'])
# Create a resource object, simpler to use
resource = Aws::S3::Resource.new(client: s3)
bucket = resource.bucket(conf['Bucket'])
# Enumerate every object under the configured prefix and create a presigned URL with a 5-day expiration limit
bucket.objects(prefix: conf['Location']).each do |obj|
  puts "#{obj.key} => #{obj.object.presigned_url(:get, expires_in: 5 * 24 * 60 * 60)}"
end
Now, create both the credential and configuration files:
secrets.json:
{
  "AccessKeyId": "TOCHANGE",
  "SecretAccessKey": "TOCHANGE"
}
config.json:
{
  "Region": "TOCHANGE",
  "Bucket": "tochange",
  "Location": "to/change/"
}
Further AWS and Ruby docs:
- AWS SDK for Ruby
- AWS SDK for Ruby V2
If you have the AWS CLI installed, you can simply use presign:
aws s3 presign s3://[bucket]/[path_filename]
You can also set the link to expire in 24 hours (86400 = 60 * 60 * 24):
aws s3 presign s3://[bucket]/[path_filename] --expires-in 86400