# Sharing Objects Using Presigned URLs

## Presigned URLs

By default, all objects and buckets are private. Only the object owner has permission to access these objects. However, the object owner can share their objects with others who do not have AWS credentials. They can create a presigned URL to grant time-limited permission to download the objects. 

The main purpose of a presigned URL is to grant temporary access to the required object. When you create a presigned URL, you must provide your security credentials and specify the following:

- Bucket name
- Object key
- HTTP method (PUT for uploading objects)
- Expiration date and time

Anyone who receives the presigned URL can then access the object. For example, if you have a video in your bucket and both the bucket and the object are private, you can share the video with others by generating a presigned URL. A presigned URL remains valid for a limited period of time, which is specified when the URL is generated. You can use presigned URLs to embed live links in HTML, which can be valid for up to seven days.

A use case scenario for presigned URLs is that you can grant temporary access to your Amazon S3 resources. For example, you can embed a presigned URL on your website or alternatively use it in command line client (such as curl) to download objects. You could also programmatically generate a presigned URL to allow a user to upload an object to a bucket.

### Permissions to the object

Anyone with valid security credentials can create a presigned URL. However, to access an object successfully, the user creating the presigned URL must have permissions to perform the operation on the object that will be accessed using the presigned URL.

### Credentials

The credentials that you can use to create a presigned URL include:

- IAM instance profile – Valid up to 6 hours
- AWS Security Token Service – Valid up to 36 hours when signed with permanent credentials, such as the credentials of the AWS account root user or an IAM user
- IAM user – Valid up to 7 days when using AWS Signature Version 4

To create a presigned URL that's valid for up to 7 days, first designate IAM user credentials (the access key and secret access key) to the SDK that you're using. Then, generate a presigned URL using AWS Signature Version 4.

### Token expiration

If you created a presigned URL using a temporary token, the URL expires when the token expires, even if you created the URL with a later expiration time. 

### Tools required

You can generate a presigned URL programmatically using the REST API, AWS CLI, and the AWS SDK for Java, .NET, Ruby, PHP, Node.js, Python, and Go.