Wednesday 2 May 2012

Creating An Expiring Link in S3

UPDATE: I made a command line tool that allows you to quickly create a secret S3 link

First an admission. I’ve been using s3 for about five years and I’ve never really understood it. I’ve known that it’s a filesystem accessible through an API but I’ve mostly relied on GUI’s to interact with S3. However today there was no escaping a task that required some low down dirty command line work - I had to generate an expiring link to allow a client to download a sensitive file. I turned to the tools of my trade - python and in particular the wonderful boto library.

I already had the boto library installed and configured because I use it to push releases of our (soon to be open sourced) internal ‘core’ framework.

Working with the boto library it was really just a case of reading the docs and performing the following steps

 import boto s3conn = boto.connect_s3() bucket = s3conn.get_bucket('yourbucket') key = bucket.get_key('yourfile.tgz') # I wanted 12 hours seconds=60*60*12 key.generate_url(expires_in=seconds) 

The generate_url method call will return a signed url valid for the time specified in seconds which you can then pass out. Obviously there is no authentication on the URL, but that’s a different post for a different day.

All in all this took about 30 seconds to do and I thought I’d leave this post up incase it helps someone else. Back to work …