Share Objects with Pre-Signed URLs

By default, objects in the IONOS S3 Object Storage are private and only the bucket owner has permission to access them. Only the bucket owner can generate a pre-signed URL for objects and grant time-bound permission to other users to access these objects. It is a secure and user-friendly way to share private objects stored in your Object Storage with other users.

Note: For a contract-owned bucket, in addition to the bucket owner, the administrator has the permission to generate a pre-signed URL for objects and grant time-bound permission to other users to access these objects.

This way, the objects are made publically available for users with the object's pre-signed URL; however, you could limit the period of access to the object.

Use cases

  • Pre-signed URLs are ideal for providing temporary access to a specific object without needing to change the object's permissions or share your credentials with other users.

  • Allows other users to upload objects directly to your S3 bucket without needing to provide them with access and secret keys.

You can generate a pre-signed URL to share objects through one of the following methods:

Web console

1. In the DCD, go to Menu > Storage > IONOS S3 Object Storage.

2. From the drop-down list in the Buckets tab, choose either to Show user-owned buckets or Show contract-owned buckets depending on the bucket type you want to view.

3. From the Buckets list, choose the bucket from which you want to share the objects. The list of objects in the bucket is listed.

4. Select the object to share and click Generate Pre-Signed URL.

5. Enter the expiration time for the URL and choose whether the specified time refers to seconds, minutes, hours, or days.

6. Click Generate.

7. Copy the generated pre-signed URL and share it with users who require access to this object.

Result: The pre-signed URL for the selected object is generated successfully and copied to the clipboard. The URL is valid for the period defined during URL generation.

CLI

Prerequisites: — Set up the AWS CLI by following the installation instructions.

— Make sure to consider the supported Endpoints.

Generate a pre-signed URL for my-object.txt in the my-bucket bucket which will expire in 3600 seconds:

aws s3 presign s3://MY-BUCKET/my-object.txt --expires-in 3600 --endpoint-url https://s3-eu-central-2.ionoscloud.com

API and SDKs

The creation of pre-signed URLs does not involve a dedicated API by design. These URLs are generated locally via a signing algorithm using your credentials without relying on the S3 API. To create these URLs, use the appropriate SDK for your programming language.

IONOS S3 Object Storage is S3-compatible, allowing seamless integration with any SDK supporting the S3 protocol for tasks like generating pre-signed URLs. For generating pre-signed URLs using SDKs, see the following AWS methods: Python, Go, Java 2.x., JavaScript 2.x., JavaScript v3, and PHP Version 3.

Last updated