# Presigned URL

cegedim.cloud Object Storage Service supports presigned URLs to grant access to objects without needing credentials.

Presigned URLs are used to provide short-term access to a private object in your S3 bucket. They work by appending an `Access_Key`, an expiration time, and a **Sigv4** signature as query parameters to the URL of the S3 object.

Presigned URLs also allow you to grant someone the right to *upload* a specific object to your bucket.

There are two common use cases when you may want to use them:

* Simple, occasional sharing of private files
* Frequent, programmatic access to view an object in an application
* Frequent, programmatic access to upload an object through an application

## Generating a Presigned URL (download) <a href="#presignedurls-generatingapre-signeds3url" id="presignedurls-generatingapre-signeds3url"></a>

{% hint style="info" %}
We use the **aws s3** and **aws s3api** command line tools from AWS CLI v2 on Linux.

**`${S3_ENDPOINT}`** & **`${S3_PROFILE}`** are environment variables.
{% endhint %}

{% code overflow="wrap" %}

```bash
aws s3 --endpoint-url="${S3_ENDPOINT}" presign s3://bucket-test/feather.ttf --expires-in 600 --profile "${S3_PROFILE}"
```

{% endcode %}

{% code title="Output" overflow="wrap" %}

```bash
https://storage-eb4.cegedim.cloud/bucket-test/feather.ttf?AWSAccessKeyId=fzs37xbv5615hygx2wkm&Signature=S4jFPas53s8cnwdDieMHrhc0ddE%3D&Expires=1666821099
```

{% endcode %}

In this example, the generated URL has an expiration of **10 minutes**. After this time, the object will no longer be accessible through this URL.

{% hint style="info" %}
**--expires-in** (integer) Number of seconds until the presigned URL expires. Default value is 3600 seconds.

The maximum expiration time is **7 days**.
{% endhint %}
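To check what a presigned URL exposes before sharing or logging it, this added example (not part of the cegedim.cloud documentation) parses the query parameters described above and reports the bucket, key, access key ID and remaining lifetime. It goes beyond the sample output by also handling the SigV4 `X-Amz-*` query layout; the function names and the sample URL are constructed for illustration.

```python
from datetime import datetime, timezone
from urllib.parse import parse_qs, unquote, urlsplit

MAX_LIFETIME = 7 * 24 * 3600  # maximum expiration stated on this page: 7 days


def inspect_presigned_url(url, now=None):
    """Return bucket, key, access key ID and expiry of a path-style presigned URL."""
    now = now if now is not None else datetime.now(timezone.utc).timestamp()
    parts = urlsplit(url)
    query = {k: v[0] for k, v in parse_qs(parts.query).items()}
    bucket, _, key = unquote(parts.path).lstrip("/").partition("/")
    if "Expires" in query:  # query layout shown in this page's sample output
        access_key = query["AWSAccessKeyId"]
        expires_at = int(query["Expires"])  # absolute Unix timestamp
    elif "X-Amz-Expires" in query:  # SigV4 layout: signing date plus lifetime
        access_key = query["X-Amz-Credential"].split("/")[0]
        signed_at = datetime.strptime(query["X-Amz-Date"], "%Y%m%dT%H%M%SZ")
        signed_at = int(signed_at.replace(tzinfo=timezone.utc).timestamp())
        expires_at = signed_at + int(query["X-Amz-Expires"])
    else:
        raise ValueError("no presigned-URL query parameters found")
    remaining = int(expires_at - now)
    if remaining > MAX_LIFETIME:
        raise ValueError("URL stays valid longer than the 7-day maximum")
    return {
        "bucket": bucket,
        "key": key,
        "access_key_id": access_key,
        "expires_at": datetime.fromtimestamp(expires_at, timezone.utc).isoformat(),
        "seconds_remaining": max(remaining, 0),
        "expired": remaining <= 0,
    }


def redact(url):
    """Drop the query string so the URL can be logged without its signature."""
    return urlsplit(url)._replace(query="").geturl()


if __name__ == "__main__":
    # Constructed sample in the same shape as the output above (not a live URL).
    sample = ("https://storage.example.invalid/bucket-test/feather.ttf"
              "?AWSAccessKeyId=EXAMPLEKEYID&Signature=c2FtcGxl%3D&Expires=1666821099")
    print(inspect_presigned_url(sample, now=1666820499))
    print(redact(sample))
```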

## Generating a Presigned URL (upload)

{% hint style="warning" %}
If an object with the same key as the one specified in the presigned URL already exists in the bucket, the existing object will be **overwritten**.
{% endhint %}

{% hint style="info" %}
**aws s3 and aws s3api don't support generating presigned URLs for upload.**

You need to use an AWS SDK to create a presigned URL for upload.

Below is a simple example using [AWS SDK for Python (Boto3)](https://boto3.amazonaws.com/v1/documentation/api/latest/index.html).
{% endhint %}

{% hint style="info" %}
Upload presigned URLs work only with **path style** addressing.

Replace `aws_access_key_id` and `aws_secret_access_key` with your own credentials.

`ExpiresIn` (integer): Number of seconds until the presigned URL expires. Default value is 3600 seconds. The maximum expiration time is 7 days.
{% endhint %}

```python
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import boto3
from botocore.client import Config

# S3 client for the cegedim.cloud endpoint, using path-style addressing
s3 = boto3.client(
    's3',
    aws_access_key_id='xxxxx',      # replace with your own access key
    aws_secret_access_key='xxxxx',  # replace with your own secret key
    config=Config(s3={'addressing_style': 'path'}),
    endpoint_url='https://storage-eb4.cegedim.cloud'
)
bucket = "bucket-test"
key = "feather.ttf"

# Presigned URL that allows a PUT of this key for 300 seconds
url = s3.generate_presigned_url(
    'put_object',
    Params={'Bucket': bucket, 'Key': key},
    ExpiresIn=300,
    HttpMethod='PUT',
)
print(url)
```

```sh
# Run Python script
./create_presign_url_upload.py

# Output
https://storage-eb4.cegedim.cloud/bucket-test/feather.ttf?AWSAccessKeyId=fzs37xbv5615hygx2wkm&Signature=NI%2BvoHYhWEFPDR04ioeFfBz5fks%3D&Expires=1712056959
```

You can use a tool such as `curl` to upload your object to your bucket, using the URL generated previously:

```sh
curl --request PUT --upload-file feather.ttf 'https://storage-eb4.cegedim.cloud/bucket-test/feather.ttf?AWSAccessKeyId=fzs37xbv5615hygx2wkm&Signature=NI%2BvoHYhWEFPDR04ioeFfBz5fks%3D&Expires=1712056959'
```
