How to create a pre-signed URL?
To share an object without granting someone access to your storage account, you can share individual objects with the security and time sensitivity of a pre-signed URL. In Lyve Cloud, console admins can set permissions to allow S3 clients access to data objects. Objects are only accessible by providing access and secret keys to the S3 client. However, objects can be shared with anyone by providing a pre-signed URL allowing temporary access to the object. Pre-signed URLs are time-sensitive and allow any recipient with the URL to download an object. For example, if you store a video recording in a Lyve Cloud bucket, you can share the file by creating a pre-signed URL.
Creating a pre-signed URL for download operations
Use the S3 client to request an object in your Lyve Cloud bucket. The following instructions generate a pre-signed URL to share an object for a designated period.
Pre-requisites
Download a command line tool such as AWS CLI.
Provide S3 Client access to Lyve Cloud bucket(s). For instructions, see Connecting S3 clients.
Open your command line application (Command Prompt for PC, Terminal for Mac) and use the following command to configure your profile:
aws configure --profile (profile name)
C:\Users\693611>aws configure --profile adr
Enter your bucket’s access key, secret key, region name, and output format:
AWS Access Key ID [None]: Enter access key ID.
AWS Secret Access Key [None]: Enter secret access key
Default region name [None]: Enter default region name (us-east or us-west)
Default output format [None]: Enter default output format (optional)
Example
AWS Access Key ID [None]: **************QGS
AWS Secret Access Key [None]: *****************************3CJ
Default region name [None]: us-east-1
Default output format [None]:
Enter the following command to list your buckets:
aws s3 ls --profile (profile name) --endpoint URL
Example
C:\Users\693611>aws s3 ls --profile adr --endpoint https://s3.us-east-1.lyvecloud.seagate.com
Result
2021-06-08 15:12:58 ahtestbucket
Enter the following command to generate a pre-signed URL.
A default expiration time can vary from client to client.
aws s3 presign s3://bucketname/objectfile --profile (profile name) --endpoint URL
Example
C:\Users\693611>aws s3 presign s3://ahtestbucket/certificate.pdf --profile adr --endpoint https://s3.us-east-1.lyvecloud.seagate.com
Result
https://s3.us-east-1.lyvecloud.seagate.com/ahtestbucket/certificate.pdf?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=YKANULVJJF5ASGQS%2F20211202%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20211202T152353Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=e97e4b48c15bfa2f3b724fc9c23b8a4cd8bc324d434d67a6fe31e44a241adaf3
Copy the generated URL and share your object.
If you experience errors viewing the URL, check that the bucket and object names in the command use the same uppercase and lowercase characters as in your bucket. The CLI is case-sensitive.
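The query string of the generated URL states its own lifetime (X-Amz-Date plus X-Amz-Expires) and exposes the access key ID to every recipient. The following added example, which is not part of the original Lyve Cloud documentation, parses the result shown above offline and reports when the link expires; the function name inspect_presigned_url and the one-hour policy limit are assumptions.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs, unquote

# Pre-signed URL copied from the "Result" shown above.
SAMPLE_URL = (
    "https://s3.us-east-1.lyvecloud.seagate.com/ahtestbucket/certificate.pdf"
    "?X-Amz-Algorithm=AWS4-HMAC-SHA256"
    "&X-Amz-Credential=YKANULVJJF5ASGQS%2F20211202%2Fus-east-1%2Fs3%2Faws4_request"
    "&X-Amz-Date=20211202T152353Z&X-Amz-Expires=3600"
    "&X-Amz-SignedHeaders=host"
    "&X-Amz-Signature=e97e4b48c15bfa2f3b724fc9c23b8a4cd8bc324d434d67a6fe31e44a241adaf3"
)

REQUIRED = ("X-Amz-Algorithm", "X-Amz-Credential", "X-Amz-Date",
            "X-Amz-Expires", "X-Amz-SignedHeaders", "X-Amz-Signature")


def inspect_presigned_url(url, max_lifetime=timedelta(hours=1), now=None):
    """Report the lifetime of a SigV4 pre-signed URL without contacting the server."""
    parts = urlsplit(url)
    query = {k: v[0] for k, v in parse_qs(parts.query).items()}
    missing = [p for p in REQUIRED if p not in query]
    if missing:
        raise ValueError(f"not a SigV4 pre-signed URL, missing: {missing}")

    # Credential scope: <access key ID>/<date>/<region>/<service>/aws4_request
    key_id, _date, region, service, _term = query["X-Amz-Credential"].split("/")
    signed_at = datetime.strptime(
        query["X-Amz-Date"], "%Y%m%dT%H%M%SZ").replace(tzinfo=timezone.utc)
    lifetime = timedelta(seconds=int(query["X-Amz-Expires"]))
    expires_at = signed_at + lifetime
    now = now or datetime.now(timezone.utc)

    # Path-style addressing, as in the example: /<bucket>/<object key>
    bucket, _, key = unquote(parts.path).lstrip("/").partition("/")
    return {
        "bucket": bucket, "key": key, "region": region, "service": service,
        "access_key_id": key_id,   # visible to every recipient of the URL
        "expires_at": expires_at,
        "expired": now >= expires_at,
        "over_policy": lifetime > max_lifetime,   # assumed local policy limit
    }
```

Running the same check over URLs before they are pasted into tickets or chat makes it easy to reject links whose lifetime is longer than intended.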
Creating a pre-signed URL for upload operations
The pre-signed URL upload Python script uses Boto3, the AWS software development kit (SDK) for Python, which provides a Python API for AWS infrastructure services. The script uses Boto3 to create a pre-signed URL for uploads.
Pre-requisites
Download and install the latest version of Python
You can create and upload the pre-signed URL in two ways:
Important
The script prompts for an access key, secret key, bucket number, and object number to upload, as well as how long you wish for the URL to be active in minutes. Once entered, your object to upload is uploaded to the generated URL. The script generates an output status code for the upload operation.
Using the .py file to create an upload URL in the command line.
Navigate to the root directory, where PresignedURLUpload.py is stored.
Run the following command:
python -m pip install boto3
Run the following command if you have python3 installed:
python3 -m pip install boto3
Note
Run the following command if you encounter a permission error.
sudo pip install boto3
After installing Boto3, run the python script to create the pre-signed URL using the following command:
python PresignedURLUpload.py
Run the following command if you have python3 installed:
python3 PresignedURLUpload.py
Writing the code for a pre-signed URL in python.
Configure your profile in your python editor.
Open the command line and type python or python3.
Depending on the Python version installed, this starts an interactive environment in which you can enter Python code.
Run the following commands to import the packages required to configure your client.
import boto3
import requests
import json
from botocore.client import Config
Declare the Access Key, Secret Key, desired bucket, and object names as variables.
Note
Declaring these details as variables simplifies configuration and reduces user error, but it is not required to configure the API. This step may be skipped by simply entering the original key values instead of variable names.
access_key = 'EXAMPLEACCESSKEY'
secret_key = 'EXAMPLESECRETKEY'
bucket = 'EXAMPLE BUCKET NUMBER'
object_name_to_upload = 'Example Object Name'
Configure the API and log in using the variables for your key values.
# Default client; the steps below use s3_client, created from the session
s3 = boto3.client('s3')
session = boto3.session.Session()
# Client bound to the Lyve Cloud endpoint, using Signature Version 4
s3_client = session.client(
    's3',
    endpoint_url='https://s3.us-east-1.lyvecloud.seagate.com',
    aws_access_key_id=access_key,
    aws_secret_access_key=secret_key,
    region_name='us-east-1',
    config=Config(signature_version='s3v4'))
Generate the pre-signed URL using the following command and key values.
The object_name_to_upload is the variable declared in the above steps. The value entered for ExpiresIn declares the expiry time in seconds.
response = s3_client.generate_presigned_post(
    Bucket=bucket,
    Key=object_name_to_upload,
    ExpiresIn=36000)
Upload the file to S3 using your presigned URL.
# Open the file in binary mode and close it once the upload has completed
with open(object_name_to_upload, 'rb') as f:
    files = {'file': f}
    r = requests.post(response['url'], data=response['fields'], files=files)
Use the following command to view the status of the upload.
print(r.status_code)
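The fields returned by generate_presigned_post include a base64-encoded policy document that states the expiry and the conditions an upload must meet. The following added example, which is not part of the original Lyve Cloud documentation, decodes that policy and lists what it leaves unrestricted. The response dict is constructed inline to mirror the call above, and the names sample_response and audit_post_policy and the one-hour limit are assumptions, as is the storage service enforcing standard S3 POST policy conditions.

```python
import base64
import json
from datetime import datetime, timedelta, timezone


def sample_response(extra_conditions=()):
    """Constructed stand-in for the dict that generate_presigned_post returns."""
    policy = {
        "expiration": "2021-12-03T01:23:53Z",  # constructed: 36000 s after 15:23:53Z
        "conditions": [{"bucket": "ahtestbucket"}, {"key": "certificate.pdf"},
                       *extra_conditions],
    }
    blob = base64.b64encode(json.dumps(policy).encode()).decode()
    return {"url": "https://s3.us-east-1.lyvecloud.seagate.com/ahtestbucket",
            "fields": {"key": "certificate.pdf", "policy": blob}}


def audit_post_policy(response, now, max_remaining=timedelta(hours=1)):
    """Decode the signed POST policy and list what it leaves unrestricted."""
    policy = json.loads(base64.b64decode(response["fields"]["policy"]))
    expires_at = datetime.strptime(
        policy["expiration"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    size_range, key_pinned = None, False
    for cond in policy["conditions"]:
        if isinstance(cond, dict) and "key" in cond:
            key_pinned = True   # upload is limited to one exact object name
        elif isinstance(cond, list) and cond[0] == "content-length-range":
            size_range = (int(cond[1]), int(cond[2]))

    findings = []
    if expires_at - now > max_remaining:   # assumed local policy limit
        findings.append("lifetime exceeds policy limit")
    if size_range is None:
        findings.append("no content-length-range: upload size is unbounded")
    if not key_pinned:
        findings.append("object key is not pinned to one name")
    return {"expires_at": expires_at, "size_range": size_range,
            "findings": findings}
```

With Boto3, size limits of this kind are passed through the Conditions parameter of generate_presigned_post, for example a content-length-range entry.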
Conclusion
With pre-signed URLs, you can temporarily access an object in Lyve Cloud. A pre-signed URL is an efficient and effective way to access individual files without giving access to your storage account. You can easily create and share a URL in minutes using S3 clients with Lyve Cloud storage.