# Sharing objects with presigned URLs
<a name="ShareObjectPreSignedURL"></a>

By default, all Amazon S3 objects are private, only the object owner has permission to access them. However, the object owner may share objects with others by creating a presigned URL. A presigned URL uses security credentials to grant time-limited permission to download objects. The URL can be entered in a browser or used by a program to download the object. The credentials used by the presigned URL are those of the Amazon user who generated the URL.

For general information about presigned URLs, see [Download and upload objects with presigned URLs](using-presigned-url.md).

You can create a presigned URL for sharing an object without writing any code by using the Amazon S3 console, Amazon Explorer for Visual Studio (Windows), or Amazon Toolkit for Visual Studio Code. You can also generate a presigned URL programmatically by using the Amazon Command Line Interface (Amazon CLI) or the Amazon SDKs.

## Using the S3 console
<a name="generating-presigned-url"></a>

 You can use the Amazon S3 console to generate a presigned URL for sharing an object up to 5 TB by following these steps. When using the console the maximum expiration time for a presigned URL is 12 hours from the time of creation.

**To generate a presigned URL by using the Amazon S3 console**

1. Sign in to the Amazon Web Services Management Console and open the Amazon S3 console at [https://console.amazonaws.cn/s3/](https://console.amazonaws.cn/s3/).

1. In the left navigation pane, choose **General purpose buckets**.

1. In the **General purpose buckets** list, choose the name of the general purpose bucket that contains the object that you want a presigned URL for.

1. In the **Objects** list, select the object that you want to create a presigned URL for.

1. On the **Object actions** menu, choose **Share with a presigned URL**.

1. Specify how long you want the presigned URL to be valid.

1. Choose **Create presigned URL**.

1. When a confirmation appears, the URL is automatically copied to your clipboard. You will see a button to copy the presigned URL if you need to copy it again.

## Using the Amazon CLI
<a name="ShareObjectPresignedCLI"></a>

The following example Amazon CLI command generates a presigned URL for sharing an object from an Amazon S3 bucket. When you use the Amazon CLI, the maximum expiration time for a presigned URL is 7 days from the time of creation. To use this example, replace the *`user input placeholders`* with your own information.

```
aws s3 presign s3://amzn-s3-demo-bucket/mydoc.txt --expires-in 604800
```

The `--expires-in` parameter specifies the expiration time in seconds.



**Note**  
For all Amazon Web Services Regions launched after March 20, 2019 you need to specify the `endpoint-url` and `Amazon Web Services Region` with the request. For a list of all the Amazon S3 Regions and endpoints, see [Regions and Endpoints](https://docs.amazonaws.cn/general/latest/gr/rande.html#s3_region) in the *Amazon General Reference*.

```
aws s3 presign s3://amzn-s3-demo-bucket/mydoc.txt --expires-in 604800 --region af-south-1 --endpoint-url https://s3.af-south-1.amazonaws.com
```



For more information, see [https://awscli.amazonaws.com/v2/documentation/api/latest/reference/s3/presign.html](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/s3/presign.html) in the *Amazon CLI Command Reference*.

## Using the Amazon SDKs
<a name="ShareObjectPreSignedURLSDK"></a>

You can generate a presigned URL programmatically by using the Amazon SDKs.

------
#### [ Python ]

 The following Python script generates a `GET` presigned URL for sharing an object.

1. Copy the contents of the script and save it as “*get-only-url.py*” file. To use the following examples, replace the *user input placeholders* with your own information (such as your file name). 

   ```
   import argparse
   import boto3
   from botocore.exceptions import ClientError
   
   def generate_presigned_url(s3_client, client_method, method_parameters, expires_in):
       """
       Generate a presigned Amazon S3 URL that can be used to perform an action.
       
       :param s3_client: A Boto3 Amazon S3 client.
       :param client_method: The name of the client method that the URL performs.
       :param method_parameters: The parameters of the specified client method.
       :param expires_in: The number of seconds the presigned URL is valid for.
       :return: The presigned URL.
       """
       try:
           url = s3_client.generate_presigned_url(
               ClientMethod=client_method,
               Params=method_parameters,
               ExpiresIn=expires_in
           )
       except ClientError:
           print(f"Couldn't get a presigned URL for client method '{client_method}'.")
           raise
       return url
   
   def main():
       parser = argparse.ArgumentParser()
       parser.add_argument("bucket", help="The name of the bucket.")
       parser.add_argument(
           "key", help="The key (path and filename) in the S3 bucket.",
       )
       args = parser.parse_args()
       
       # By default, this will use credentials from ~/.aws/credentials
       s3_client = boto3.client("s3")
       
       # The presigned URL is specified to expire in 1000 seconds
       url = generate_presigned_url(
           s3_client, 
           "get_object", 
           {"Bucket": args.bucket, "Key": args.key}, 
           1000
       )
       print(f"Generated GET presigned URL: {url}")
   
   if __name__ == "__main__":
       main()
   ```

1. To generate a `GET` presigned URL for sharing a file, run the following script with your bucket name and desired object path. 

    The following command uses example values. Replace the *user input placeholders* with your own information.

   ```
   python get-only-url.py amzn-s3-demo-bucket <object-path>
   ```

   The script will output a `GET` presigned URL:

   ```
   Generated GET presigned URL: https://amzn-s3-demo-bucket.s3.amazonaws.com/object.txt?AmazonAccessKeyId=AKIAIOSFODNN7EXAMPLE&Signature=vjbyNxybdZaMmLa%2ByT372YEAiv4%3D&Expires=1741978496
   ```

1. You can download the file using the generated presigned URL with curl:

   ```
   curl -X GET "generated-presigned-url" -o "path/to/save/file" 
   ```

For more examples of using the Amazon SDKs to generate a presigned URL for sharing an object, see [Create a presigned URL for Amazon S3 by using an Amazon SDK](https://docs.amazonaws.cn/AmazonS3/latest/API/s3_example_s3_Scenario_PresignedUrl_section.html). 

**Note**  
For all Amazon Web Services Regions launched after March 20, 2019 you need to specify the `endpoint-url` and `Amazon Web Services Region` with the request. For a list of all the Amazon S3 Regions and endpoints, see [Regions and Endpoints](https://docs.amazonaws.cn/general/latest/gr/rande.html#s3_region) in the *Amazon General Reference*.

**Note**  
When using the Amazon SDKs, the Tagging attribute must be a header and not a query parameter. All other attributes can be passed as a parameter for the presigned URL. 

------

## Using the Amazon Toolkit for Visual Studio (Windows)
<a name="ShareObjectPreSignedURLVSExplorer"></a>

**Note**  
At this time, the Amazon Toolkit for Visual Studio does not support Visual Studio for Mac.

1. Install the Amazon Toolkit for Visual Studio using the following instructions, [Installing and setting up the Toolkit for Visual Studio](https://docs.amazonaws.cn/toolkit-for-visual-studio/latest/user-guide/setup.html) in the *Amazon Toolkit for Visual Studio User Guide*.

1. Connect to Amazon using the following steps, [Connecting to Amazon](https://docs.amazonaws.cn/AWSToolkitVS/latest/UserGuide/connect.html) in the *Amazon Toolkit for Visual Studio User Guide*.

1. In the left side panel labeled **Amazon Explorer**, double-click the bucket containing your object.

1. Right-click the object you wish to have a presigned URL generated for and select **Create Pre-Signed URL...**.

1. In the pop-up window, set the expiration date and time for your presigned URL.

1. The **Object Key**, should pre-populate based on the object you selected.

1. Choose **GET** to specify that this presigned URL will be used for downloading an object.

1. Choose the **Generate** button.

1. To copy the URL to the clipboard, choose **Copy**.

1. To use the generated presigned URL, paste the URL into any browser.

## Using Amazon Toolkit for Visual Studio Code
<a name="ShareObjectPreSignedURLVSCode"></a>

If you're using Visual Studio Code, you can generate a presigned URL to share an object without writing any code by using Amazon Toolkit for Visual Studio Code. For general information, see [Amazon Toolkit for Visual Studio Code](https://docs.amazonaws.cn/toolkit-for-vscode/latest/userguide/welcome.html) in the *Amazon Toolkit for Visual Studio Code User Guide*. 

For instructions on how to install the Amazon Toolkit for Visual Studio Code, see [Installing the Amazon Toolkit for Visual Studio Code](https://docs.amazonaws.cn/toolkit-for-vscode/latest/userguide/setup-toolkit.html) in the *Amazon Toolkit for Visual Studio Code User Guide*.

1. Connect to Amazon using the following steps, [Connecting to Amazon Toolkit for Visual Studio Code](https://docs.amazonaws.cn/toolkit-for-vscode/latest/userguide/connect.html) in the *Amazon Toolkit for Visual Studio Code User Guide*.

1. Select the Amazon logo on the left panel in Visual Studio Code.

1. Under **EXPLORER**, select **S3**.

1. Choose a bucket and file and open the context menu (right-click).

1. Choose **Generate presigned URL**, and then set the expiration time (in minutes).

1. Press Enter, and the presigned URL will be copied to your clipboard.