Skip to content

Implement "signurl" command for creating temporary public URLs to normally private objects #95

Closed
wants to merge 1 commit into from

2 participants

@ringerc
ringerc commented Dec 6, 2012

Amazon S3 supports URLs signed with an API key that permit time-limited
access to a normally private resource. Add a "signurl" command to s3cmd
that generates such URLs.

Usage: s3cmd signurl s3://bucket/object date -d '1 year' +%s

ie: s3cmd signurl url-to-sign expiry-in-epoch-seconds

This is a purely offline operation. Your API key and secret are not sent on
the wire. Your API key is included the generated URL, but your secret is of course
not.

No validation of the URL against S3 is performed, since this is an offline-only
operation. Use s3cmd ls or similar to test for valid objects if you need to.

The URL generated is http:// but you can simply change to https:// if you want.

For more information on signed URLs, see:

http://s3.amazonaws.com/doc/s3-developer-guide/RESTAuthentication.html
@mdomsch
s3tools member
mdomsch commented Dec 6, 2012

This fails other commands for me now.

$ git checkout -b ringerc-master ringerc/master
Branch ringerc-master set up to track remote branch master from ringerc.
Switched to a new branch 'ringerc-master'
$ ./s3cmd ls
ERROR: S3 error: 403 (SignatureDoesNotMatch): The request signature we calculated does not match the signature you provided. Check your key and signing method.

That wasn't what I expected. Please review.

Thanks,
Matt

@ringerc ringerc Add support for creating signed S3 URLs with the new signurl command
Amazon S3 supports URLs signed with an API key that permit time-limited
access to a normally private resource. Add a "signurl" command to s3cmd
that generates such URLs.

Usage: s3cmd signurl s3://bucket/object `date -d '1 year' +%s`

ie: s3cmd signurl url-to-sign expiry-in-epoch-seconds

This is a purely offline operation. Your API key and secret are not sent on
the wire. Your API key is included the generated URL, but your secret is of course
not.

No validation of the URL against S3 is performed, since this is an offline-only
operation. Use s3cmd ls or similar to test for valid objects if you need to.

The URL generated is http:// but you can simply change to https:// if you want.

For more information on signed URLs, see:

    http://s3.amazonaws.com/doc/s3-developer-guide/RESTAuthentication.html
ff6e561
@mdomsch
s3tools member
mdomsch commented Dec 7, 2012

Thanks for the update. I've tested this works and doesn't seem to break other commands now. :-)
I've pulled this into my merge branch.

@ringerc
ringerc commented Dec 8, 2012

Thanks.

@ringerc ringerc closed this Dec 8, 2012
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.