If you store files on S3, sharing them with someone who doesn't have access can be a little painful. One way to do it is temporarily make the file public, but then you need to remember to make it private after the other person has downloaded it.
The AWS docs explain a way to pre-sign a link that will be usable only for a short time, and only for the specific file. This is a pretty cool mechanism. It's almost like a "this message will self-destruct in 10 seconds". Here's a quote from the AWS docs about the idea:
All objects by default are private. Only the object owner has permission to access these objects. However, the object owner can optionally share objects with others by creating a pre-signed URL, using their own security credentials, to grant time-limited permission to download the objects.
I recently wrote a little command line tool to make generating these links as easy as possible. The name is suuuper creative:
s3url. You can find it on Github.
First, you need your AWS credentials, the access key ID and the secret access key. I place these in my
export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Then, I upload the file I want to share, using the AWS S3 command line interface:
$ aws s3 cp path/to/file.txt s3://my-bucket/file.txt upload: path/to/file.txt to s3://my-bucket/file.txt
The destination of that
cp command can be given to
s3url, and it will generate a signed URL for that object:
$ s3url s3://my-bucket/file.txt https://my-bucket.s3.amazonaws.com/file.txt?Signature=d3HZ5yFfR6a%2FXfSHdZ%2B%2FI6kWENU%3D&Expires=1397391353&AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE
By default, the URL will last for 24 hours. If you want to change the expiration time, add an
$ s3url -e 15m s3://my-bucket/file.txt https://my-bucket.s3.amazonaws.com/file.txt?Signature=gatuFFnQhXO2%2BUE8GZvGzFmU%2BOU%3D&Expires=1397306075&AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE
It's available on PyPI, so installing it's as easy as:
$ pip install s3url
Check out the README for more details.