DigitalOcean

Report this

What is the reason for this report?
Question

Signed URLs for private objects in Spaces

Posted on September 20, 2017
Ubuntu 16.04
Python
Michael Kennedy

By Michael Kennedy

Hi,

I currently have a set of files on S3 that are private. I need to temporarily generate a public, signed URL. This works with the boto API (see the code at the end). How can I do this programmatically with Spaces?

Code example:

conn = S3Connection(access_key, secret_key)

return conn.generate_url(
    expires_in=expiry_in_sec,
    method='GET',
    bucket=MediaService.__find_bucket_name_from_url(raw_url),
    key=MediaService.__find_path_from_url(raw_url),
    query_auth=True,
    force_http=(not https)
)

Does the S3 compatibility work for generate_url?

Thanks, Michael



This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
0
Andrew SB
Andrew SBDigitalOcean Employee badge
September 21, 2017

Accepted Answer

Currently pre-signed URLs generated using the AWS v4 signature type are not supported. Unfortunately, v4 signatures are the default in most places, so this can cause some issues. Luckily, most clients allow you to override this.

Using boto3, you can configure your session to use the v2 signature type with:

import boto3
from botocore.client import Config

session = boto3.session.Session()

client = session.client('s3',
                        region_name='nyc3',
                        endpoint_url='https://nyc3.digitaloceanspaces.com',
                        aws_access_key_id='MYACCESSKEY',
                        aws_secret_access_key='MYSECRETKEY',
                        config=Config(signature_version='s3'))

(Passing s3 as the value for signature_version will force v3 signature. While v4 is the defualt, you can explicitly use it by passing s3v4.)

Then you can generate a functioning pre-signed url using:

url = client.generate_presigned_url(ClientMethod='get_object', 
                                    Params={'Bucket': 'my-bucket',
                                            'Key': 'my-object'},
                                    ExpiresIn=300)

Note the ExpiresIn argument. By default, pre-signed URLs will expire in an hour (3600 seconds). This example sets it to expire in 5 minutes. See the boto3 docs for more info.

0
zeltiche
zeltiche
April 27, 2018

Is AWS v4 signature supported now? (almost May 2018)

Is there a ruby example instead of python’s boto3?

0
cloud659adf5b95
cloud659adf5b95
August 26, 2019

As of 26 August 2019 , aws-java-sdk-s3 version 1.11.616 works perfectly , no need to change anything

Become a contributor for community

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Sign Up

DigitalOcean Documentation

Full documentation for every DigitalOcean product.

Learn more

Resources for startups and SMBs

The Wave has everything you need to know about building a business, from raising funding to marketing your product.

Learn more

Get our newsletter

Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.

New accounts only. By submitting your email you agree to our Privacy Policy

The developer cloud

Scale up as you grow — whether you're running one virtual machine or ten thousand.

Get started for free

Sign up and get $200 in credit for your first 60 days with DigitalOcean.*

*This promotional offer applies to new accounts only.

© 2025 DigitalOcean, LLC.Sitemap.