# Presigned URL

cegedim.cloud Object Storage Service support presigned URLs to grant access to objects without needing credentials.

Presigned URLs are used to provide short-term access to a private object in your S3 bucket. They work by appending an `Access_Key`, expiration time, and **Sigv4** signature as query parameters to the S3 object.

Also, presigned URLs allow you to grant someone right to *upload* a specific object in your Bucket.

There are two common use cases when you may want to use them:

* Simple, occasional sharing of private files
* Frequent, programmatic access to view an object in an application
* Frequent, programmatic access to upload an object through an application

## Generating a Presigned URL (download) <a href="#presignedurls-generatingapre-signeds3url" id="presignedurls-generatingapre-signeds3url"></a>

{% hint style="info" %}
We use **aws s3** and **aws s3api** command line tools from AWSCLIv2 on Linux.

**`${S3_ENDPOINT}`** & **`${S3_PROFILE}`** are environment variables.
{% endhint %}

{% code overflow="wrap" %}

```bash
aws s3 --endpoint-url=${S3_ENDPOINT} presign s3://bucket-test/feather.ttf --expires-in 600 --profile ${S3_PROFILE}
```

{% endcode %}

{% code title="Output" overflow="wrap" %}

```bash
https://storage-eb4.cegedim.cloud/bucket-test/feather.ttf?AWSAccessKeyId=fzs37xbv5615hygx2wkm&Signature=S4jFPas53s8cnwdDieMHrhc0ddE%3D&Expires=1666821099
```

{% endcode %}

In this example, the generated URL have an expiration of **10 minutes.** After this time, the object will no longer be accessible.

{% hint style="info" %}
**--expires-in** (integer) Number of seconds until the presigned URL expires. Default value is 3600 seconds.

The maximum expiration time is **7 Days.**
{% endhint %}

## Generating a Presigned URL (upload)

{% hint style="warning" %}
If an object with the same key already exists in the bucket as specified in the presigned URL, the existing object will be **overridden**.
{% endhint %}

{% hint style="info" %}
**aws s3 and aws s3api don't support upload presigned url generation.**

You need to use AWS SDK to create Presigned Url for Upload.

Below, a simple example using \[AWS SDK for Python (Boto3)]\(<https://boto3.amazonaws.com/v1/documentation/api/latest/index.html>)
{% endhint %}

{% hint style="info" %}
Upload Presigned URL work only with **path style** addressing.

Replace `aws_access_key_id` and `aws_secret_access_key` by our own credentials.

`ExpiresIn` (integer): Number of seconds until the presigned URL expires. Default value is 3600 seconds. The maximum expiration time is 7 Days.
{% endhint %}

```python
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import boto3
from botocore.client import Config
s3 = boto3.client('s3')
s3 = boto3.client(
    's3',
    aws_access_key_id='xxxxx',
    aws_secret_access_key='xxxxx',
    config=Config(s3={'addressing_style': 'path'}),
    endpoint_url='https://storage-eb4.cegedim.cloud'
)
bucket = "bucket-test"
key = "feather.ttf"

print(s3.generate_presigned_url('put_object', Params={'Bucket':bucket,'Key':key}, ExpiresIn=300, HttpMethod='PUT'))
```

```sh
# Output

# Run Python script
./create_presign_url_upload.py

#Ouput
https://storage-eb4.cegedim.cloud/bucket-test/feather.ttf?AWSAccessKeyId=fzs37xbv5615hygx2wkm&Signature=NI%2BvoHYhWEFPDR04ioeFfBz5fks%3D&Expires=1712056959
```

You can use tool like `curl` to upload your object to your bucket, using the URL generated previously:

```sh
curl --request PUT --upload-file feather.ttf 'https://storage-eb4.cegedim.cloud/bucket-test/feather.ttf?AWSAccessKeyId=fzs37xbv5615hygx2wkm&Signature=NI%2BvoHYhWEFPDR04ioeFfBz5fks%3D&Expires=1712056959'
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://academy.cegedim.cloud/storage/object-storage/object-storage-features/presigned-url.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.