Amazon S3's default privacy setting keeps objects private, limiting access to the owner only. However, sharing objects becomes an easy task with the introduction of presigned URLs. These URLs, branded with temporary access abilities using secure credentials, can be utilized in browsers or programs to download objects from S3. The URL's permissions are derived strictly from the AWS user that has generated it.
Below is an example that demonstrates the usage of presigned URLs:
1GetObjectRequest getObjectRequest = GetObjectRequest.builder() 2 .bucket(bucket) 3 .key(key) 4 .responseCacheControl("max-age=" + duration.getSeconds()) 5 .responseContentType("image/png") 6 .build(); 7 8GetObjectPresignRequest getObjectPresignRequest = GetObjectPresignRequest.builder() 9 .signatureDuration(duration) 10 .getObjectRequest(getObjectRequest) 11 .build(); 12 13PresignedGetObjectRequest presignedGetObjectRequest = s3Presigner.presignGetObject(getObjectPresignRequest);
This example uses various components including GetObjectRequest, GetObjectPresignRequest, and PresignedGetObjectRequest to create a presigned URL that grants temporary access to an S3 file. Note that the AWS credentials of the user generating the URL get tied up with the permissions of the URL!