Day 16: AWS - S3

satyam mishrasatyam mishra
2 min read

Signed URLs – Sharing S3 Files (But Only When I Want To)

After setting up my static site and locking it down with bucket policies, I started wondering —
How do people share private files securely from S3?

That’s when I stumbled on pre-signed URLs.


What Are Signed URLs?

They're like one-time tickets that expire.

You generate a special URL for a private S3 object, and whoever has it can access the file — but only:

  • For a limited time

  • With exactly the permissions you allow

It's perfect for:

  • Sending temporary download links

  • Giving access to private images, videos, PDFs, etc.


How I Generated My First Signed URL

I made sure the file was in a private bucket (no public access). Then I used the AWS CLI:

aws s3 presign s3://my-private-bucket/my-file.pdf --expires-in 600

Output:
A long URL that looks like this:
https://s3.amazonaws.com/my-private-bucket/my-file.pdf?...signature...

When I opened it in the browser — it worked!
Then 10 minutes later — Access Denied. Just as expected.

Tried It with Python Too (Just for Fun)

import boto3

s3 = boto3.client('s3')
url = s3.generate_presigned_url(
    'get_object',
    Params={'Bucket': 'my-private-bucket', 'Key': 'my-file.pdf'},
    ExpiresIn=300
)
print(url)

Even slicker. This opens up a lot of use cases for future projects where I want to serve secure, expiring links.


Why This is Cool

  • No need to make the whole bucket public

  • Great for time-limited downloads or paid content

  • Feels like actual security in action, not just theory


Lessons From Today

  • Even private buckets can serve content — if you control the access

  • Signed URLs are another way AWS balances security and flexibility

  • I’m starting to see how AWS services piece together like LEGO blocks


🔜 Next?

I’m curious about:

  • S3 Lifecycle Rules – auto-cleanup, archiving, etc.

  • Maybe connecting my static site to Route 53

  • Or going hands-on with CloudFront and caching

One thing at a time.

Day 16 — signed, sealed, delivered.

0
Subscribe to my newsletter

Read articles from satyam mishra directly inside your inbox. Subscribe to the newsletter, and don't miss out.

Written by

satyam mishra
satyam mishra