- Newest
- Most votes
- Most comments
There are several ways to do this. I prefer to work with Json Web Tokens.
var token = GenerateJwtToken(user);
presignedUrl = presignedUrl + "&token=" + token;
More on this here: https://jwt.io/
When generating an S3 presigned URL, it's important to note that user-specific parameters cannot be directly passed. Instead, AWS S3 supports specific parameters that can be included in the presigned URL request. These allow for more granular control over object retrieval. They are:
Bucket, IfMatch, IfModifiedSince, IfNoneMatch, IfUnmodifiedSince, Key, Range, ResponseCacheControl, ResponseContentDisposition, ResponseContentEncoding, ResponseContentLanguage, ResponseContentType, ResponseExpires, VersionId, SSECustomerAlgorithm, SSECustomerKey, SSECustomerKeyMD5, RequestPayer, PartNumber, ExpectedBucketOwner
Here is a sample code of how to include these parameters in your presigned URL.
import boto3
from botocore.client import Config
# Get the service client with sigv4 configured
s3 = boto3.client('s3', config=Config(signature_version='s3v4'))
# Generate the URL
# URL expires in 3600 seconds
url = s3.generate_presigned_url(
ClientMethod='get_object',
Params={
'Bucket': 'testbucket',
'Key': 'TestFile.txt',
'ResponseCacheControl': 'no-cache',
'ResponseContentType': 'txt',
'ResponseContentDisposition': 'example.txt'
},
ExpiresIn=3600
)
print(url)
You may be able to have this logic setup on the client side where you would determine permissions of the user and send the request to certain Lambda access points.
Relevant content
- asked 2 years ago
- Accepted Answerasked a year ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 years ago
Oops! That does not work for me.
Below is my code: export const generatePresignedUrl = async (myKey: string, myBucketName: string) => const command = new GetObjectCommand({ Bucket: myBucketName, Key: myKey, ResponseContentDisposition:
inline;
, }); const presignedUrl = await getSignedUrl(s3Client, command, { expiresIn: 300 });const urlWithParams =
${presignedUrl}&user=musthafa
;return urlWithParams; };
Whenever I append any additional parameters, it throws an InvalidSignature error. However, when I remove the additional parameters, it works as expected.