Create a presigned URL for Amazon S3 using an Amazon SDK - Amazon Simple Storage Service
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Create a presigned URL for Amazon S3 using an Amazon SDK

The following code examples show how to create a presigned URL for Amazon S3 and upload an object.

.NET
Amazon SDK for .NET
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the Amazon Code Examples Repository.

Generate a presigned URL that can perform an Amazon S3 action for a limited time.

using System; using Amazon; using Amazon.S3; using Amazon.S3.Model; public class GenPresignedUrl { public static void Main() { const string bucketName = "doc-example-bucket"; const string objectKey = "sample.txt"; // Specify how long the presigned URL lasts, in hours const double timeoutDuration = 12; // Specify the AWS Region of your Amazon S3 bucket. If it is // different from the Region defined for the default user, // pass the Region to the constructor for the client. For // example: new AmazonS3Client(RegionEndpoint.USEast1); // If using the Region us-east-1, and server-side encryption with AWS KMS, you must specify Signature Version 4. // Region us-east-1 defaults to Signature Version 2 unless explicitly set to Version 4 as shown below. // For more details, see https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingAWSSDK.html#specify-signature-version // and https://docs.aws.amazon.com/sdkfornet/v3/apidocs/items/Amazon/TAWSConfigsS3.html AWSConfigsS3.UseSignatureVersion4 = true; IAmazonS3 s3Client = new AmazonS3Client(RegionEndpoint.USEast1); string urlString = GeneratePresignedURL(s3Client, bucketName, objectKey, timeoutDuration); Console.WriteLine($"The generated URL is: {urlString}."); } /// <summary> /// Generate a presigned URL that can be used to access the file named /// in the objectKey parameter for the amount of time specified in the /// duration parameter. /// </summary> /// <param name="client">An initialized S3 client object used to call /// the GetPresignedUrl method.</param> /// <param name="bucketName">The name of the S3 bucket containing the /// object for which to create the presigned URL.</param> /// <param name="objectKey">The name of the object to access with the /// presigned URL.</param> /// <param name="duration">The length of time for which the presigned /// URL will be valid.</param> /// <returns>A string representing the generated presigned URL.</returns> public static string GeneratePresignedURL(IAmazonS3 client, string bucketName, string objectKey, double duration) { string urlString = string.Empty; try { var request = new GetPreSignedUrlRequest() { BucketName = bucketName, Key = objectKey, Expires = DateTime.UtcNow.AddHours(duration), }; urlString = client.GetPreSignedURL(request); } catch (AmazonS3Exception ex) { Console.WriteLine($"Error:'{ex.Message}'"); } return urlString; } }

Generate a presigned URL and perform an upload using that URL.

using System; using System.IO; using System.Net.Http; using System.Threading.Tasks; using Amazon; using Amazon.S3; using Amazon.S3.Model; /// <summary> /// This example shows how to upload an object to an Amazon Simple Storage /// Service (Amazon S3) bucket using a presigned URL. The code first /// creates a presigned URL and then uses it to upload an object to an /// Amazon S3 bucket using that URL. /// </summary> public class UploadUsingPresignedURL { private static HttpClient httpClient = new HttpClient(); public static async Task Main() { string bucketName = "doc-example-bucket"; string keyName = "samplefile.txt"; string filePath = $"source\\{keyName}"; // Specify how long the signed URL will be valid in hours. double timeoutDuration = 12; // Specify the AWS Region of your Amazon S3 bucket. If it is // different from the Region defined for the default user, // pass the Region to the constructor for the client. For // example: new AmazonS3Client(RegionEndpoint.USEast1); // If using the Region us-east-1, and server-side encryption with AWS KMS, you must specify Signature Version 4. // Region us-east-1 defaults to Signature Version 2 unless explicitly set to Version 4 as shown below. // For more details, see https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingAWSSDK.html#specify-signature-version // and https://docs.aws.amazon.com/sdkfornet/v3/apidocs/items/Amazon/TAWSConfigsS3.html AWSConfigsS3.UseSignatureVersion4 = true; IAmazonS3 client = new AmazonS3Client(RegionEndpoint.USEast1); var url = GeneratePreSignedURL(client, bucketName, keyName, timeoutDuration); var success = await UploadObject(filePath, url); if (success) { Console.WriteLine("Upload succeeded."); } else { Console.WriteLine("Upload failed."); } } /// <summary> /// Uploads an object to an Amazon S3 bucket using the presigned URL passed in /// the url parameter. /// </summary> /// <param name="filePath">The path (including file name) to the local /// file you want to upload.</param> /// <param name="url">The presigned URL that will be used to upload the /// file to the Amazon S3 bucket.</param> /// <returns>A Boolean value indicating the success or failure of the /// operation, based on the HttpWebResponse.</returns> public static async Task<bool> UploadObject(string filePath, string url) { using var streamContent = new StreamContent( new FileStream(filePath, FileMode.Open, FileAccess.Read)); var response = await httpClient.PutAsync(url, streamContent); return response.IsSuccessStatusCode; } /// <summary> /// Generates a presigned URL which will be used to upload an object to /// an Amazon S3 bucket. /// </summary> /// <param name="client">The initialized Amazon S3 client object used to call /// GetPreSignedURL.</param> /// <param name="bucketName">The name of the Amazon S3 bucket to which the /// presigned URL will point.</param> /// <param name="objectKey">The name of the file that will be uploaded.</param> /// <param name="duration">How long (in hours) the presigned URL will /// be valid.</param> /// <returns>The generated URL.</returns> public static string GeneratePreSignedURL( IAmazonS3 client, string bucketName, string objectKey, double duration) { var request = new GetPreSignedUrlRequest { BucketName = bucketName, Key = objectKey, Verb = HttpVerb.PUT, Expires = DateTime.UtcNow.AddHours(duration), }; string url = client.GetPreSignedURL(request); return url; } }
C++
SDK for C++
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the Amazon Code Examples Repository.

Generate a pre-signed URL to download an object.

//! Routine which demonstrates creating a pre-signed URL to download an object from an //! Amazon Simple Storage Service (Amazon S3) bucket. /*! \param bucketName: Name of the bucket. \param key: Name of an object key. \param expirationSeconds: Expiration in seconds for pre-signed URL. \param clientConfig: Aws client configuration. \return Aws::String: A pre-signed URL. */ Aws::String AwsDoc::S3::GeneratePreSignedGetObjectURL(const Aws::String &bucketName, const Aws::String &key, uint64_t expirationSeconds, const Aws::Client::ClientConfiguration &clientConfig) { Aws::S3::S3Client client(clientConfig); return client.GeneratePresignedUrl(bucketName, key, Aws::Http::HttpMethod::HTTP_GET, expirationSeconds); }

Download using libcurl.

static size_t myCurlWriteBack(char *buffer, size_t size, size_t nitems, void *userdata) { Aws::StringStream *str = (Aws::StringStream *) userdata; if (nitems > 0) { str->write(buffer, size * nitems); } return size * nitems; } //! Utility routine to test GetObject with a pre-signed URL. /*! \param presignedURL: A pre-signed URL to get an object from a bucket. \param resultString: A string to hold the result. \return bool: Function succeeded. */ bool AwsDoc::S3::GetObjectWithPresignedObjectURL(const Aws::String &presignedURL, Aws::String &resultString) { CURL *curl = curl_easy_init(); CURLcode result; std::stringstream outWriteString; result = curl_easy_setopt(curl, CURLOPT_WRITEDATA, &outWriteString); if (result != CURLE_OK) { std::cerr << "Failed to set CURLOPT_WRITEDATA " << std::endl; return false; } result = curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, myCurlWriteBack); if (result != CURLE_OK) { std::cerr << "Failed to set CURLOPT_WRITEFUNCTION" << std::endl; return false; } result = curl_easy_setopt(curl, CURLOPT_URL, presignedURL.c_str()); if (result != CURLE_OK) { std::cerr << "Failed to set CURLOPT_URL" << std::endl; return false; } result = curl_easy_perform(curl); if (result != CURLE_OK) { std::cerr << "Failed to perform CURL request" << std::endl; return false; } resultString = outWriteString.str(); if (resultString.find( "<?xml") == 0) { std::cerr << "Failed to get object, response:\n" << resultString << std::endl; return false; } return true; }

Generate a pre-signed URL to upload an object.

//! Routine which demonstrates creating a pre-signed URL to upload an object to an //! Amazon Simple Storage Service (Amazon S3) bucket. /*! \param bucketName: Name of the bucket. \param key: Name of an object key. \param clientConfig: Aws client configuration. \return Aws::String: A pre-signed URL. */ Aws::String AwsDoc::S3::GeneratePreSignedPutObjectURL(const Aws::String &bucketName, const Aws::String &key, uint64_t expirationSeconds, const Aws::Client::ClientConfiguration &clientConfig) { Aws::S3::S3Client client(clientConfig); return client.GeneratePresignedUrl(bucketName, key, Aws::Http::HttpMethod::HTTP_PUT, expirationSeconds); }

Upload using libcurl.

static size_t myCurlReadBack(char *buffer, size_t size, size_t nitems, void *userdata) { Aws::StringStream *str = (Aws::StringStream *) userdata; str->read(buffer, size * nitems); return str->gcount(); } static size_t myCurlWriteBack(char *buffer, size_t size, size_t nitems, void *userdata) { Aws::StringStream *str = (Aws::StringStream *) userdata; if (nitems > 0) { str->write(buffer, size * nitems); } return size * nitems; } //! Utility routine to test PutObject with a pre-signed URL. /*! \param presignedURL: A pre-signed URL to put an object in a bucket. \param data: Body of the PutObject request. \return bool: Function succeeded. */ bool AwsDoc::S3::PutStringWithPresignedObjectURL(const Aws::String &presignedURL, const Aws::String &data) { CURL *curl = curl_easy_init(); CURLcode result; Aws::StringStream readStringStream; readStringStream << data; result = curl_easy_setopt(curl, CURLOPT_READFUNCTION, myCurlReadBack); if (result != CURLE_OK) { std::cerr << "Failed to set CURLOPT_READFUNCTION" << std::endl; return false; } result = curl_easy_setopt(curl, CURLOPT_READDATA, &readStringStream); if (result != CURLE_OK) { std::cerr << "Failed to set CURLOPT_READDATA" << std::endl; return false; } result = curl_easy_setopt(curl, CURLOPT_INFILESIZE_LARGE, (curl_off_t)data.size()); if (result != CURLE_OK) { std::cerr << "Failed to set CURLOPT_INFILESIZE_LARGE" << std::endl; return false; } result = curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, myCurlWriteBack); if (result != CURLE_OK) { std::cerr << "Failed to set CURLOPT_WRITEFUNCTION" << std::endl; return false; } std::stringstream outWriteString; result = curl_easy_setopt(curl, CURLOPT_WRITEDATA, &outWriteString); if (result != CURLE_OK) { std::cerr << "Failed to set CURLOPT_WRITEDATA " << std::endl; return false; } result = curl_easy_setopt(curl, CURLOPT_URL, presignedURL.c_str()); if (result != CURLE_OK) { std::cerr << "Failed to set CURLOPT_URL" << std::endl; return false; } result = curl_easy_setopt(curl, CURLOPT_UPLOAD, 1L); if (result != CURLE_OK) { std::cerr << "Failed to set CURLOPT_PUT" << std::endl; return false; } result = curl_easy_perform(curl); if (result != CURLE_OK) { std::cerr << "Failed to perform CURL request" << std::endl; return false; } std::string outString = outWriteString.str(); if (outString.empty()) { std::cout << "Successfully put object." << std::endl; return true; } else { std::cout << "A server error was encountered, output:\n" << outString << std::endl; return false; } }
Go
SDK for Go V2
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the Amazon Code Examples Repository.

Create functions that wrap S3 presigning actions.

// Presigner encapsulates the Amazon Simple Storage Service (Amazon S3) presign actions // used in the examples. // It contains PresignClient, a client that is used to presign requests to Amazon S3. // Presigned requests contain temporary credentials and can be made from any HTTP client. type Presigner struct { PresignClient *s3.PresignClient } // GetObject makes a presigned request that can be used to get an object from a bucket. // The presigned request is valid for the specified number of seconds. func (presigner Presigner) GetObject( bucketName string, objectKey string, lifetimeSecs int64) (*v4.PresignedHTTPRequest, error) { request, err := presigner.PresignClient.PresignGetObject(context.TODO(), &s3.GetObjectInput{ Bucket: aws.String(bucketName), Key: aws.String(objectKey), }, func(opts *s3.PresignOptions) { opts.Expires = time.Duration(lifetimeSecs * int64(time.Second)) }) if err != nil { log.Printf("Couldn't get a presigned request to get %v:%v. Here's why: %v\n", bucketName, objectKey, err) } return request, err } // PutObject makes a presigned request that can be used to put an object in a bucket. // The presigned request is valid for the specified number of seconds. func (presigner Presigner) PutObject( bucketName string, objectKey string, lifetimeSecs int64) (*v4.PresignedHTTPRequest, error) { request, err := presigner.PresignClient.PresignPutObject(context.TODO(), &s3.PutObjectInput{ Bucket: aws.String(bucketName), Key: aws.String(objectKey), }, func(opts *s3.PresignOptions) { opts.Expires = time.Duration(lifetimeSecs * int64(time.Second)) }) if err != nil { log.Printf("Couldn't get a presigned request to put %v:%v. Here's why: %v\n", bucketName, objectKey, err) } return request, err } // DeleteObject makes a presigned request that can be used to delete an object from a bucket. func (presigner Presigner) DeleteObject(bucketName string, objectKey string) (*v4.PresignedHTTPRequest, error) { request, err := presigner.PresignClient.PresignDeleteObject(context.TODO(), &s3.DeleteObjectInput{ Bucket: aws.String(bucketName), Key: aws.String(objectKey), }) if err != nil { log.Printf("Couldn't get a presigned request to delete object %v. Here's why: %v\n", objectKey, err) } return request, err }

Run an interactive example that generates and uses presigned URLs to upload, download, and delete an S3 object.

// RunPresigningScenario is an interactive example that shows you how to get presigned // HTTP requests that you can use to move data into and out of Amazon Simple Storage // Service (Amazon S3). The presigned requests contain temporary credentials and can // be used by an HTTP client. // // 1. Get a presigned request to put an object in a bucket. // 2. Use the net/http package to use the presigned request to upload a local file to the bucket. // 3. Get a presigned request to get an object from a bucket. // 4. Use the net/http package to use the presigned request to download the object to a local file. // 5. Get a presigned request to delete an object from a bucket. // 6. Use the net/http package to use the presigned request to delete the object. // // This example creates an Amazon S3 presign client from the specified sdkConfig so that // you can replace it with a mocked or stubbed config for unit testing. // // It uses a questioner from the `demotools` package to get input during the example. // This package can be found in the ..\..\demotools folder of this repo. // // It uses an IHttpRequester interface to abstract HTTP requests so they can be mocked // during testing. func RunPresigningScenario(sdkConfig aws.Config, questioner demotools.IQuestioner, httpRequester IHttpRequester) { defer func() { if r := recover(); r != nil { fmt.Printf("Something went wrong with the demo.") } }() log.Println(strings.Repeat("-", 88)) log.Println("Welcome to the Amazon S3 presigning demo.") log.Println(strings.Repeat("-", 88)) s3Client := s3.NewFromConfig(sdkConfig) bucketBasics := actions.BucketBasics{S3Client: s3Client} presignClient := s3.NewPresignClient(s3Client) presigner := actions.Presigner{PresignClient: presignClient} bucketName := questioner.Ask("We'll need a bucket. Enter a name for a bucket "+ "you own or one you want to create:", demotools.NotEmpty{}) bucketExists, err := bucketBasics.BucketExists(bucketName) if err != nil { panic(err) } if !bucketExists { err = bucketBasics.CreateBucket(bucketName, sdkConfig.Region) if err != nil { panic(err) } else { log.Println("Bucket created.") } } log.Println(strings.Repeat("-", 88)) log.Printf("Let's presign a request to upload a file to your bucket.") uploadFilename := questioner.Ask("Enter the path to a file you want to upload:", demotools.NotEmpty{}) uploadKey := questioner.Ask("What would you like to name the uploaded object?", demotools.NotEmpty{}) uploadFile, err := os.Open(uploadFilename) if err != nil { panic(err) } defer uploadFile.Close() presignedPutRequest, err := presigner.PutObject(bucketName, uploadKey, 60) if err != nil { panic(err) } log.Printf("Got a presigned %v request to URL:\n\t%v\n", presignedPutRequest.Method, presignedPutRequest.URL) log.Println("Using net/http to send the request...") info, err := uploadFile.Stat() if err != nil { panic(err) } putResponse, err := httpRequester.Put(presignedPutRequest.URL, info.Size(), uploadFile) if err != nil { panic(err) } log.Printf("%v object %v with presigned URL returned %v.", presignedPutRequest.Method, uploadKey, putResponse.StatusCode) log.Println(strings.Repeat("-", 88)) log.Printf("Let's presign a request to download the object.") questioner.Ask("Press Enter when you're ready.") presignedGetRequest, err := presigner.GetObject(bucketName, uploadKey, 60) if err != nil { panic(err) } log.Printf("Got a presigned %v request to URL:\n\t%v\n", presignedGetRequest.Method, presignedGetRequest.URL) log.Println("Using net/http to send the request...") getResponse, err := httpRequester.Get(presignedGetRequest.URL) if err != nil { panic(err) } log.Printf("%v object %v with presigned URL returned %v.", presignedGetRequest.Method, uploadKey, getResponse.StatusCode) defer getResponse.Body.Close() downloadBody, err := io.ReadAll(getResponse.Body) if err != nil { panic(err) } log.Printf("Downloaded %v bytes. Here are the first 100 of them:\n", len(downloadBody)) log.Println(strings.Repeat("-", 88)) log.Println(string(downloadBody[:100])) log.Println(strings.Repeat("-", 88)) log.Println("Let's presign a request to delete the object.") questioner.Ask("Press Enter when you're ready.") presignedDelRequest, err := presigner.DeleteObject(bucketName, uploadKey) if err != nil { panic(err) } log.Printf("Got a presigned %v request to URL:\n\t%v\n", presignedDelRequest.Method, presignedDelRequest.URL) log.Println("Using net/http to send the request...") delResponse, err := httpRequester.Delete(presignedDelRequest.URL) if err != nil { panic(err) } log.Printf("%v object %v with presigned URL returned %v.\n", presignedDelRequest.Method, uploadKey, delResponse.StatusCode) log.Println(strings.Repeat("-", 88)) log.Println("Thanks for watching!") log.Println(strings.Repeat("-", 88)) }

Define an HTTP request wrapper used by the example to make HTTP requests.

// IHttpRequester abstracts HTTP requests into an interface so it can be mocked during // unit testing. type IHttpRequester interface { Get(url string) (resp *http.Response, err error) Put(url string, contentLength int64, body io.Reader) (resp *http.Response, err error) Delete(url string) (resp *http.Response, err error) } // HttpRequester uses the net/http package to make HTTP requests during the scenario. type HttpRequester struct{} func (httpReq HttpRequester) Get(url string) (resp *http.Response, err error) { return http.Get(url) } func (httpReq HttpRequester) Put(url string, contentLength int64, body io.Reader) (resp *http.Response, err error) { putRequest, err := http.NewRequest("PUT", url, body) if err != nil { return nil, err } putRequest.ContentLength = contentLength return http.DefaultClient.Do(putRequest) } func (httpReq HttpRequester) Delete(url string) (resp *http.Response, err error) { delRequest, err := http.NewRequest("DELETE", url, nil) if err != nil { return nil, err } return http.DefaultClient.Do(delRequest) }
Java
SDK for Java 2.x
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the Amazon Code Examples Repository.

Generate a pre-signed URL for an object, then download it (GET request).

Imports.

import com.example.s3.util.PresignUrlUtils; import org.slf4j.Logger; import software.amazon.awssdk.http.HttpExecuteRequest; import software.amazon.awssdk.http.HttpExecuteResponse; import software.amazon.awssdk.http.SdkHttpClient; import software.amazon.awssdk.http.SdkHttpMethod; import software.amazon.awssdk.http.SdkHttpRequest; import software.amazon.awssdk.http.apache.ApacheHttpClient; import software.amazon.awssdk.services.s3.S3Client; import software.amazon.awssdk.services.s3.model.GetObjectRequest; import software.amazon.awssdk.services.s3.model.S3Exception; import software.amazon.awssdk.services.s3.presigner.S3Presigner; import software.amazon.awssdk.services.s3.presigner.model.GetObjectPresignRequest; import software.amazon.awssdk.services.s3.presigner.model.PresignedGetObjectRequest; import software.amazon.awssdk.utils.IoUtils; import java.io.ByteArrayOutputStream; import java.io.File; import java.io.IOException; import java.io.InputStream; import java.net.HttpURLConnection; import java.net.URISyntaxException; import java.net.URL; import java.net.http.HttpClient; import java.net.http.HttpRequest; import java.net.http.HttpResponse; import java.nio.file.Paths; import java.time.Duration; import java.util.UUID;

Generate the URL.

/* Create a pre-signed URL to download an object in a subsequent GET request. */ public String createPresignedGetUrl(String bucketName, String keyName) { try (S3Presigner presigner = S3Presigner.create()) { GetObjectRequest objectRequest = GetObjectRequest.builder() .bucket(bucketName) .key(keyName) .build(); GetObjectPresignRequest presignRequest = GetObjectPresignRequest.builder() .signatureDuration(Duration.ofMinutes(10)) // The URL will expire in 10 minutes. .getObjectRequest(objectRequest) .build(); PresignedGetObjectRequest presignedRequest = presigner.presignGetObject(presignRequest); logger.info("Presigned URL: [{}]", presignedRequest.url().toString()); logger.info("HTTP method: [{}]", presignedRequest.httpRequest().method()); return presignedRequest.url().toExternalForm(); } }

Download the object by using any one of the following three approaches.

Use JDK HttpURLConnection (since v1.1) class to do the download.

/* Use the JDK HttpURLConnection (since v1.1) class to do the download. */ public byte[] useHttpUrlConnectionToGet(String presignedUrlString) { ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(); // Capture the response body to a byte array. try { URL presignedUrl = new URL(presignedUrlString); HttpURLConnection connection = (HttpURLConnection) presignedUrl.openConnection(); connection.setRequestMethod("GET"); // Download the result of executing the request. try (InputStream content = connection.getInputStream()) { IoUtils.copy(content, byteArrayOutputStream); } logger.info("HTTP response code is " + connection.getResponseCode()); } catch (S3Exception | IOException e) { logger.error(e.getMessage(), e); } return byteArrayOutputStream.toByteArray(); }

Use JDK HttpClient (since v11) class to do the download.

/* Use the JDK HttpClient (since v11) class to do the download. */ public byte[] useHttpClientToGet(String presignedUrlString) { ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(); // Capture the response body to a byte array. HttpRequest.Builder requestBuilder = HttpRequest.newBuilder(); HttpClient httpClient = HttpClient.newHttpClient(); try { URL presignedUrl = new URL(presignedUrlString); HttpResponse<InputStream> response = httpClient.send(requestBuilder .uri(presignedUrl.toURI()) .GET() .build(), HttpResponse.BodyHandlers.ofInputStream()); IoUtils.copy(response.body(), byteArrayOutputStream); logger.info("HTTP response code is " + response.statusCode()); } catch (URISyntaxException | InterruptedException | IOException e) { logger.error(e.getMessage(), e); } return byteArrayOutputStream.toByteArray(); }

Use the Amazon SDK for Java SdkHttpClient class to do the download.

/* Use the AWS SDK for Java SdkHttpClient class to do the download. */ public byte[] useSdkHttpClientToPut(String presignedUrlString) { ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(); // Capture the response body to a byte array. try { URL presignedUrl = new URL(presignedUrlString); SdkHttpRequest request = SdkHttpRequest.builder() .method(SdkHttpMethod.GET) .uri(presignedUrl.toURI()) .build(); HttpExecuteRequest executeRequest = HttpExecuteRequest.builder() .request(request) .build(); try (SdkHttpClient sdkHttpClient = ApacheHttpClient.create()) { HttpExecuteResponse response = sdkHttpClient.prepareRequest(executeRequest).call(); response.responseBody().ifPresentOrElse( abortableInputStream -> { try { IoUtils.copy(abortableInputStream, byteArrayOutputStream); } catch (IOException e) { throw new RuntimeException(e); } }, () -> logger.error("No response body.")); logger.info("HTTP Response code is {}", response.httpResponse().statusCode()); } } catch (URISyntaxException | IOException e) { logger.error(e.getMessage(), e); } return byteArrayOutputStream.toByteArray(); }

Generate a pre-signed URL for an upload, then upload a file (PUT request).

Imports.

import com.example.s3.util.PresignUrlUtils; import org.slf4j.Logger; import software.amazon.awssdk.core.internal.sync.FileContentStreamProvider; import software.amazon.awssdk.http.HttpExecuteRequest; import software.amazon.awssdk.http.HttpExecuteResponse; import software.amazon.awssdk.http.SdkHttpClient; import software.amazon.awssdk.http.SdkHttpMethod; import software.amazon.awssdk.http.SdkHttpRequest; import software.amazon.awssdk.http.apache.ApacheHttpClient; import software.amazon.awssdk.services.s3.S3Client; import software.amazon.awssdk.services.s3.model.PutObjectRequest; import software.amazon.awssdk.services.s3.model.S3Exception; import software.amazon.awssdk.services.s3.presigner.S3Presigner; import software.amazon.awssdk.services.s3.presigner.model.PresignedPutObjectRequest; import software.amazon.awssdk.services.s3.presigner.model.PutObjectPresignRequest; import java.io.File; import java.io.IOException; import java.io.OutputStream; import java.io.RandomAccessFile; import java.net.HttpURLConnection; import java.net.URISyntaxException; import java.net.URL; import java.net.http.HttpClient; import java.net.http.HttpRequest; import java.net.http.HttpResponse; import java.nio.ByteBuffer; import java.nio.channels.FileChannel; import java.nio.file.Path; import java.nio.file.Paths; import java.time.Duration; import java.util.Map; import java.util.UUID;

Generate the URL.

/* Create a presigned URL to use in a subsequent PUT request */ public String createPresignedUrl(String bucketName, String keyName, Map<String, String> metadata) { try (S3Presigner presigner = S3Presigner.create()) { PutObjectRequest objectRequest = PutObjectRequest.builder() .bucket(bucketName) .key(keyName) .metadata(metadata) .build(); PutObjectPresignRequest presignRequest = PutObjectPresignRequest.builder() .signatureDuration(Duration.ofMinutes(10)) // The URL expires in 10 minutes. .putObjectRequest(objectRequest) .build(); PresignedPutObjectRequest presignedRequest = presigner.presignPutObject(presignRequest); String myURL = presignedRequest.url().toString(); logger.info("Presigned URL to upload a file to: [{}]", myURL); logger.info("HTTP method: [{}]", presignedRequest.httpRequest().method()); return presignedRequest.url().toExternalForm(); } }

Upload a file object by using any one of the following three approaches.

Use the JDK HttpURLConnection (since v1.1) class to do the upload.

/* Use the JDK HttpURLConnection (since v1.1) class to do the upload. */ public void useHttpUrlConnectionToPut(String presignedUrlString, File fileToPut, Map<String, String> metadata) { logger.info("Begin [{}] upload", fileToPut.toString()); try { URL presignedUrl = new URL(presignedUrlString); HttpURLConnection connection = (HttpURLConnection) presignedUrl.openConnection(); connection.setDoOutput(true); metadata.forEach((k, v) -> connection.setRequestProperty("x-amz-meta-" + k, v)); connection.setRequestMethod("PUT"); OutputStream out = connection.getOutputStream(); try (RandomAccessFile file = new RandomAccessFile(fileToPut, "r"); FileChannel inChannel = file.getChannel()) { ByteBuffer buffer = ByteBuffer.allocate(8192); //Buffer size is 8k while (inChannel.read(buffer) > 0) { buffer.flip(); for (int i = 0; i < buffer.limit(); i++) { out.write(buffer.get()); } buffer.clear(); } } catch (IOException e) { logger.error(e.getMessage(), e); } out.close(); connection.getResponseCode(); logger.info("HTTP response code is " + connection.getResponseCode()); } catch (S3Exception | IOException e) { logger.error(e.getMessage(), e); } }

Use the JDK HttpClient (since v11) class to do the upload.

/* Use the JDK HttpClient (since v11) class to do the upload. */ public void useHttpClientToPut(String presignedUrlString, File fileToPut, Map<String, String> metadata) { logger.info("Begin [{}] upload", fileToPut.toString()); HttpRequest.Builder requestBuilder = HttpRequest.newBuilder(); metadata.forEach((k, v) -> requestBuilder.header("x-amz-meta-" + k, v)); HttpClient httpClient = HttpClient.newHttpClient(); try { final HttpResponse<Void> response = httpClient.send(requestBuilder .uri(new URL(presignedUrlString).toURI()) .PUT(HttpRequest.BodyPublishers.ofFile(Path.of(fileToPut.toURI()))) .build(), HttpResponse.BodyHandlers.discarding()); logger.info("HTTP response code is " + response.statusCode()); } catch (URISyntaxException | InterruptedException | IOException e) { logger.error(e.getMessage(), e); } }

Use the Amazon for Java V2 SdkHttpClient class to do the upload.

/* Use the AWS SDK for Java V2 SdkHttpClient class to do the upload. */ public void useSdkHttpClientToPut(String presignedUrlString, File fileToPut, Map<String, String> metadata) { logger.info("Begin [{}] upload", fileToPut.toString()); try { URL presignedUrl = new URL(presignedUrlString); SdkHttpRequest.Builder requestBuilder = SdkHttpRequest.builder() .method(SdkHttpMethod.PUT) .uri(presignedUrl.toURI()); // Add headers metadata.forEach((k, v) -> requestBuilder.putHeader("x-amz-meta-" + k, v)); // Finish building the request. SdkHttpRequest request = requestBuilder.build(); HttpExecuteRequest executeRequest = HttpExecuteRequest.builder() .request(request) .contentStreamProvider(new FileContentStreamProvider(fileToPut.toPath())) .build(); try (SdkHttpClient sdkHttpClient = ApacheHttpClient.create()) { HttpExecuteResponse response = sdkHttpClient.prepareRequest(executeRequest).call(); logger.info("Response code: {}", response.httpResponse().statusCode()); } } catch (URISyntaxException | IOException e) { logger.error(e.getMessage(), e); } }
JavaScript
SDK for JavaScript (v3)
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the Amazon Code Examples Repository.

Create a presigned URL to upload an object to a bucket.

import https from "https"; import { PutObjectCommand, S3Client } from "@aws-sdk/client-s3"; import { fromIni } from "@aws-sdk/credential-providers"; import { HttpRequest } from "@smithy/protocol-http"; import { getSignedUrl, S3RequestPresigner, } from "@aws-sdk/s3-request-presigner"; import { parseUrl } from "@smithy/url-parser"; import { formatUrl } from "@aws-sdk/util-format-url"; import { Hash } from "@smithy/hash-node"; const createPresignedUrlWithoutClient = async ({ region, bucket, key }) => { const url = parseUrl(`https://${bucket}.s3.${region}.amazonaws.com/${key}`); const presigner = new S3RequestPresigner({ credentials: fromIni(), region, sha256: Hash.bind(null, "sha256"), }); const signedUrlObject = await presigner.presign( new HttpRequest({ ...url, method: "PUT" }), ); return formatUrl(signedUrlObject); }; const createPresignedUrlWithClient = ({ region, bucket, key }) => { const client = new S3Client({ region }); const command = new PutObjectCommand({ Bucket: bucket, Key: key }); return getSignedUrl(client, command, { expiresIn: 3600 }); }; function put(url, data) { return new Promise((resolve, reject) => { const req = https.request( url, { method: "PUT", headers: { "Content-Length": new Blob([data]).size } }, (res) => { let responseBody = ""; res.on("data", (chunk) => { responseBody += chunk; }); res.on("end", () => { resolve(responseBody); }); }, ); req.on("error", (err) => { reject(err); }); req.write(data); req.end(); }); } export const main = async () => { const REGION = "us-east-1"; const BUCKET = "example_bucket"; const KEY = "example_file.txt"; // There are two ways to generate a presigned URL. // 1. Use createPresignedUrl without the S3 client. // 2. Use getSignedUrl in conjunction with the S3 client and GetObjectCommand. try { const noClientUrl = await createPresignedUrlWithoutClient({ region: REGION, bucket: BUCKET, key: KEY, }); const clientUrl = await createPresignedUrlWithClient({ region: REGION, bucket: BUCKET, key: KEY, }); // After you get the presigned URL, you can provide your own file // data. Refer to put() above. console.log("Calling PUT using presigned URL without client"); await put(noClientUrl, "Hello World"); console.log("Calling PUT using presigned URL with client"); await put(clientUrl, "Hello World"); console.log("\nDone. Check your S3 console."); } catch (err) { console.error(err); } };

Create a presigned URL to download an object from a bucket.

import { GetObjectCommand, S3Client } from "@aws-sdk/client-s3"; import { fromIni } from "@aws-sdk/credential-providers"; import { HttpRequest } from "@smithy/protocol-http"; import { getSignedUrl, S3RequestPresigner, } from "@aws-sdk/s3-request-presigner"; import { parseUrl } from "@smithy/url-parser"; import { formatUrl } from "@aws-sdk/util-format-url"; import { Hash } from "@smithy/hash-node"; const createPresignedUrlWithoutClient = async ({ region, bucket, key }) => { const url = parseUrl(`https://${bucket}.s3.${region}.amazonaws.com/${key}`); const presigner = new S3RequestPresigner({ credentials: fromIni(), region, sha256: Hash.bind(null, "sha256"), }); const signedUrlObject = await presigner.presign(new HttpRequest(url)); return formatUrl(signedUrlObject); }; const createPresignedUrlWithClient = ({ region, bucket, key }) => { const client = new S3Client({ region }); const command = new GetObjectCommand({ Bucket: bucket, Key: key }); return getSignedUrl(client, command, { expiresIn: 3600 }); }; export const main = async () => { const REGION = "us-east-1"; const BUCKET = "example_bucket"; const KEY = "example_file.jpg"; try { const noClientUrl = await createPresignedUrlWithoutClient({ region: REGION, bucket: BUCKET, key: KEY, }); const clientUrl = await createPresignedUrlWithClient({ region: REGION, bucket: BUCKET, key: KEY, }); console.log("Presigned URL without client"); console.log(noClientUrl); console.log("\n"); console.log("Presigned URL with client"); console.log(clientUrl); } catch (err) { console.error(err); } };
Kotlin
SDK for Kotlin
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the Amazon Code Examples Repository.

Create a GetObject presigned request and use the URL to download an object.

suspend fun getObjectPresigned( s3: S3Client, bucketName: String, keyName: String, ): String { // Create a GetObjectRequest. val unsignedRequest = GetObjectRequest { bucket = bucketName key = keyName } // Presign the GetObject request. val presignedRequest = s3.presignGetObject(unsignedRequest, 24.hours) // Use the URL from the presigned HttpRequest in a subsequent HTTP GET request to retrieve the object. val objectContents = URL(presignedRequest.url.toString()).readText() return objectContents }

Create a GetObject presigned request with advanced options.

suspend fun getObjectPresignedMoreOptions( s3: S3Client, bucketName: String, keyName: String, ): HttpRequest { // Create a GetObjectRequest. val unsignedRequest = GetObjectRequest { bucket = bucketName key = keyName } // Presign the GetObject request. val presignedRequest = s3.presignGetObject(unsignedRequest, signer = CrtAwsSigner) { signingDate = Instant.now() + 12.hours // Presigned request can be used 12 hours from now. algorithm = AwsSigningAlgorithm.SIGV4_ASYMMETRIC signatureType = AwsSignatureType.HTTP_REQUEST_VIA_QUERY_PARAMS expiresAfter = 8.hours // Presigned request expires 8 hours later. } return presignedRequest }

Create a PutObject presigned request and use it to upload an object.

suspend fun putObjectPresigned( s3: S3Client, bucketName: String, keyName: String, content: String, ) { // Create a PutObjectRequest. val unsignedRequest = PutObjectRequest { bucket = bucketName key = keyName } // Presign the request. val presignedRequest = s3.presignPutObject(unsignedRequest, 24.hours) // Use the URL and any headers from the presigned HttpRequest in a subsequent HTTP PUT request to retrieve the object. // Create a PUT request using the OKHttpClient API. val putRequest = Request .Builder() .url(presignedRequest.url.toString()) .apply { presignedRequest.headers.forEach { key, values -> header(key, values.joinToString(", ")) } }.put(content.toRequestBody()) .build() val response = OkHttpClient().newCall(putRequest).execute() assert(response.isSuccessful) }
PHP
SDK for PHP
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the Amazon Code Examples Repository.

namespace S3; use Aws\Exception\AwsException; use AwsUtilities\PrintableLineBreak; use AwsUtilities\TestableReadline; use DateTime; require 'vendor/autoload.php'; class PresignedURL { use PrintableLineBreak; use TestableReadline; public function run() { $s3Service = new S3Service(); $expiration = new DateTime("+20 minutes"); $linebreak = $this->getLineBreak(); echo $linebreak; echo ("Welcome to the Amazon S3 presigned URL demo.\n"); echo $linebreak; $bucket = $this->testable_readline("First, please enter the name of the S3 bucket to use: "); $key = $this->testable_readline("Next, provide the key of an object in the given bucket: "); echo $linebreak; $command = $s3Service->getClient()->getCommand('GetObject', [ 'Bucket' => $bucket, 'Key' => $key, ]); try { $preSignedUrl = $s3Service->preSignedUrl($command, $expiration); echo "Your preSignedUrl is \n$preSignedUrl\nand will be good for the next 20 minutes.\n"; echo $linebreak; echo "Thanks for trying the Amazon S3 presigned URL demo.\n"; } catch (AwsException $exception) { echo $linebreak; echo "Something went wrong: $exception"; die(); } } } $runner = new PresignedURL(); $runner->run();
Python
SDK for Python (Boto3)
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the Amazon Code Examples Repository.

Generate a presigned URL that can perform an S3 action for a limited time. Use the Requests package to make a request with the URL.

import argparse import logging import boto3 from botocore.exceptions import ClientError import requests logger = logging.getLogger(__name__) def generate_presigned_url(s3_client, client_method, method_parameters, expires_in): """ Generate a presigned Amazon S3 URL that can be used to perform an action. :param s3_client: A Boto3 Amazon S3 client. :param client_method: The name of the client method that the URL performs. :param method_parameters: The parameters of the specified client method. :param expires_in: The number of seconds the presigned URL is valid for. :return: The presigned URL. """ try: url = s3_client.generate_presigned_url( ClientMethod=client_method, Params=method_parameters, ExpiresIn=expires_in ) logger.info("Got presigned URL: %s", url) except ClientError: logger.exception( "Couldn't get a presigned URL for client method '%s'.", client_method ) raise return url def usage_demo(): logging.basicConfig(level=logging.INFO, format="%(levelname)s: %(message)s") print("-" * 88) print("Welcome to the Amazon S3 presigned URL demo.") print("-" * 88) parser = argparse.ArgumentParser() parser.add_argument("bucket", help="The name of the bucket.") parser.add_argument( "key", help="For a GET operation, the key of the object in Amazon S3. For a " "PUT operation, the name of a file to upload.", ) parser.add_argument("action", choices=("get", "put"), help="The action to perform.") args = parser.parse_args() s3_client = boto3.client("s3") client_action = "get_object" if args.action == "get" else "put_object" url = generate_presigned_url( s3_client, client_action, {"Bucket": args.bucket, "Key": args.key}, 1000 ) print("Using the Requests package to send a request to the URL.") response = None if args.action == "get": response = requests.get(url) elif args.action == "put": print("Putting data to the URL.") try: with open(args.key, "r") as object_file: object_text = object_file.read() response = requests.put(url, data=object_text) except FileNotFoundError: print( f"Couldn't find {args.key}. For a PUT operation, the key must be the " f"name of a file that exists on your computer." ) if response is not None: print("Got response:") print(f"Status: {response.status_code}") print(response.text) print("-" * 88) if __name__ == "__main__": usage_demo()

Generate a presigned POST request to upload a file.

class BucketWrapper: """Encapsulates S3 bucket actions.""" def __init__(self, bucket): """ :param bucket: A Boto3 Bucket resource. This is a high-level resource in Boto3 that wraps bucket actions in a class-like structure. """ self.bucket = bucket self.name = bucket.name def generate_presigned_post(self, object_key, expires_in): """ Generate a presigned Amazon S3 POST request to upload a file. A presigned POST can be used for a limited time to let someone without an AWS account upload a file to a bucket. :param object_key: The object key to identify the uploaded object. :param expires_in: The number of seconds the presigned POST is valid. :return: A dictionary that contains the URL and form fields that contain required access data. """ try: response = self.bucket.meta.client.generate_presigned_post( Bucket=self.bucket.name, Key=object_key, ExpiresIn=expires_in ) logger.info("Got presigned POST URL: %s", response["url"]) except ClientError: logger.exception( "Couldn't get a presigned POST URL for bucket '%s' and object '%s'", self.bucket.name, object_key, ) raise return response
Ruby
SDK for Ruby
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the Amazon Code Examples Repository.

require "aws-sdk-s3" require "net/http" # Creates a presigned URL that can be used to upload content to an object. # # @param bucket [Aws::S3::Bucket] An existing Amazon S3 bucket. # @param object_key [String] The key to give the uploaded object. # @return [URI, nil] The parsed URI if successful; otherwise nil. def get_presigned_url(bucket, object_key) url = bucket.object(object_key).presigned_url(:put) puts "Created presigned URL: #{url}" URI(url) rescue Aws::Errors::ServiceError => e puts "Couldn't create presigned URL for #{bucket.name}:#{object_key}. Here's why: #{e.message}" end # Example usage: def run_demo bucket_name = "doc-example-bucket" object_key = "my-file.txt" object_content = "This is the content of my-file.txt." bucket = Aws::S3::Bucket.new(bucket_name) presigned_url = get_presigned_url(bucket, object_key) return unless presigned_url response = Net::HTTP.start(presigned_url.host) do |http| http.send_request("PUT", presigned_url.request_uri, object_content, "content_type" => "") end case response when Net::HTTPSuccess puts "Content uploaded!" else puts response.value end end run_demo if $PROGRAM_NAME == __FILE__
Rust
SDK for Rust
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the Amazon Code Examples Repository.

Create presigning requests to GET and PUT S3 objects.

async fn get_object( client: &Client, bucket: &str, object: &str, expires_in: u64, ) -> Result<(), Box<dyn Error>> { let expires_in = Duration::from_secs(expires_in); let presigned_request = client .get_object() .bucket(bucket) .key(object) .presigned(PresigningConfig::expires_in(expires_in)?) .await?; println!("Object URI: {}", presigned_request.uri()); Ok(()) } async fn put_object( client: &Client, bucket: &str, object: &str, expires_in: u64, ) -> Result<(), Box<dyn Error>> { let expires_in = Duration::from_secs(expires_in); let presigned_request = client .put_object() .bucket(bucket) .key(object) .presigned(PresigningConfig::expires_in(expires_in)?) .await?; println!("Object URI: {}", presigned_request.uri()); Ok(()) }

For a complete list of Amazon SDK developer guides and code examples, see Using this service with an Amazon SDK. This topic also includes information about getting started and details about previous SDK versions.