Amazon S3

Pre-Signed

URLs

Allow application

users to download

files from your private

Amazon S3 buckets

without giving access

to buckets

http://www.aws-simplified.com/

AWS S3 Pre-signed URLs

The Pre-signed time-bound URLs allow you

to let your end users:

Download files from you Amazon S3 private

bucket

Within certain time-limit

Without need for additional credentials.

Highly Simplified Use Case

Step 1: A user requests to download a file

through your business application.

He has no knowledge of your Amazon S3

buckets

Just like all documents, this file is stored on

the Amazon S3 bucket.

Highly Simplified Use Case

Highly Simplified Use Case

Step 2: You Application Invokes Amazon

S3 APIs

Highly Simplified Use Case

Highly Simplified Use Case

Step 3: S3 Creates Pre-signed URL

Pre-signed URL is time-bound and expires

after pre-specified time period.

Highly Simplified Use Case

Highly Simplified Use Case

Step 4: URL is returned to User

Your business application presents URL to

user.

Highly Simplified Use Case

Highly Simplified Use Case

Step 5: User download the file

User clicks on the link. Now two things can happen

User may click the link within 10 seconds from the

time it was created: he will be able to download

the file. Because the link was created using

Amazon S3 APIs, S3 bucket very well knows that

this download request is pre-authenticated. It lets

user download the file.

User clicks the link after 10 seconds: User gets error

and no file is downloaded.

Highly Simplified Use Case

Complete Flow