How to Generate S3 PUT Presigned URLs with AWS SDK in Python

Prerequisites

• Python 3.x installed
• AWS credentials configured in ~/.aws/credentials

1. Install Python 3 and Required Packages:

   sudo yum install python3 -y

2. Configure AWS Credentials:

   • Ensure credentials are set up in ~/.aws/credentials.
   • Follow AWS authentication best practices for security.

Step 1: Create the Python Script

This Python script generates a PUT presigned URL for uploading files to an S3 bucket.

1. Create and Configure the Script:

   vim put-only-url.py
   chmod +x put-only-url.py

2. Python Code: Save the following as put-only-url.py:

   import argparse
   import boto3
   from botocore.exceptions import ClientError
   
   def generate_presigned_url(s3_client, client_method, method_parameters, expires_in):
       """
       Generate a presigned Amazon S3 URL that can be used to perform an action.
       
       :param s3_client: A Boto3 Amazon S3 client.
       :param client_method: The name of the client method that the URL performs.
       :param method_parameters: The parameters of the specified client method.
       :param expires_in: The number of seconds the presigned URL is valid for.
       :return: The presigned URL.
       """
       try:
           url = s3_client.generate_presigned_url(
               ClientMethod=client_method,
               Params=method_parameters,
               ExpiresIn=expires_in
           )
       except ClientError:
           print(f"Couldn't get a presigned URL for client method '{client_method}'.")
           raise
       return url
   
   def main():
       parser = argparse.ArgumentParser()
       parser.add_argument("bucket", help="The name of the bucket.")
       parser.add_argument("key", help="The key (path and filename) in the S3 bucket.")
       args = parser.parse_args()
       
       # By default, this will use credentials from ~/.aws/credentials
       s3_client = boto3.client("s3")
       
       # The presigned URL is specified to expire in 1000 seconds
       url = generate_presigned_url(
           s3_client, 
           "put_object", 
           {"Bucket": args.bucket, "Key": args.key}, 
           1000
       )
       print(f"Generated PUT presigned URL: {url}")
   
   if __name__ == "__main__":
       main()

Step 2: Generate the Presigned URL

Run the script with your bucket name and desired object key to generate a presigned URL.

Command:

python put-only-url.py <bucket-name> <object-key>

Example:

python put-only-url.py bucket-name example-file.jpg

Output: The script will display a presigned URL valid for 1000 seconds (approximately 16.7 minutes). For example:

Generated PUT presigned URL: https://bucket-name.s3.amazonaws.com/example-file.jpg?AWSAccessKeyId=***&Signature=***&Expires=***

Step 3: Use the Presigned URL

Upload a file to S3 using the generated presigned URL with curl.

Command:

curl -X PUT -T "path/to/your/local/file" "generated-presigned-url"

Example:

curl -X PUT -T "/home/user/files/example-file.jpg" "https://bucket-name.s3.amazonaws.com/example-file.jpg?AWSAccessKeyId=***&Signature=***&Expires=***"

Important Notes

1. The presigned URL expires after the specified time (1000 seconds in this example).
2. The local file name in the upload command does not need to match the S3 object key.
3. Ensure your AWS credentials have the necessary permissions to generate presigned URLs and upload files.
4. Treat the presigned URL as sensitive information and handle it securely.

References

1. Uploading objects with presigned URLs
2. Create a presigned URL for Amazon S3 using an AWS SDK