top of page
Search

Elevate Your S3 Game with Batch -Generating Presigned URLs!

  • Dec 8, 2023
  • 4 min read

Updated: 5 days ago

Are we not weary of carrying out commands one after another?

Batch commands, known for their ability to automate tasks and streamline processes, are a game-changer for both beginners seeking automation solutions and experienced users looking to optimize their workflow.


In the realm of command-line interfaces, batch commands shine as versatile instruments, allowing users to execute a series of commands in a sequential and automated fashion. From simple file operations to complex system configurations, batch commands empower you to perform repetitive tasks effortlessly.


Commands can be conveyed through various mediums, ranging from text to voice and even potentially capturing brain waves. The successful preparation, transmission, reception, interpretation, and execution of these commands are shared responsibilities of initiator and executor.


In one way or another, we've already come across the term "batch file."

A batch script, commonly known as a batch file, is a script primarily employed on Windows operating systems to automate tasks and carry out a sequence of commands or instructions. These scripts utilize a series of commands, encompassing system commands, executable files, and various scripting constructs, to accomplish tasks such as file manipulation, program execution, configuration changes, and other operations.


“The earliest reference to batch files is 1981, with the release of IBM PC DOS 1.0 - it used the file AUTOEXEC. BAT to run various commands at startup. “

It's an old technology. 42 years..


Now, I've discovered a method to integrate this 42-year-old technology with a 17-year-old one—none other than AWS S3.


“Amazon S3 was launched 17 years ago on Pi Day, March 14, 2006, and created the first generally available AWS service. “


Let's talk about S3 Presigned URLs


Suppose you own a private S3 bucket, and you aim to grant access to a particular object for a specific user who lacks the authorization to access such objects.


Seems like something fishy!!


Not if that object contains logs that can be analysed by a security specialist outside your organisation to resolve any issues persist with your service configuration.

In that case you have to create some authentic method to securely pass only that specific folder/file and not the entire s3.


A pre-signed URL, also known as a pre-signed link, offers a means to provide temporary access to a resource, like an S3 object (file) or an API Gateway endpoint, to individuals lacking direct permissions for resource access. This temporary access is granted without requiring the requester to possess AWS credentials, making it valuable for situations where you need to securely share private resources.


Generating a Pre Signed URL


You can generate a pre signed url by these method

  • Using the S3 console

  • Using the AWS CLI

  • Using the AWS SDKs

  • Using AWS Explorer for Visual Studio (Windows)

  • Using AWS Toolkit for Visual Studio Code

This prompted me to wonder whether there might be an alternative method for generating pre-signed URLs. A voice inside my head affirmed, "Yes, there is indeed another way."


The method is just for experiment only. In many cases this solution may not be feasible.

But it still works.!!!


I prefer using the AWS CLI in this context. When employing the CLI command for the typical generation of a pre-signed URL, the process is as follows


aws s3 presign "< S3 Object URL >" \
--expires-in <SECONDS>\
--region <REGION> \
--profile <PROFILE>

For each URL generation, the repetitive process of copying the S3 URL and executing the entire command became cumbersome. This led me to contemplate developing a script that takes only the S3 object URL as input and simplifies the URL generation.




What I did


For generating a pre-signed URL,


Step 1: We require a user with the permission to execute the GetObject action on that specific S3 bucket, and no additional permissions are necessary.

So I created a user named Tony and attached an inline policy that allows the user to GetObject from the s3.


{
    "Version": "2012-10-17",
    "Statement": [
   	 {
   		 "Sid": "VisualEditor0",
   		 "Effect": "Allow",
   		 "Action": "s3:GetObject",
   		 "Resource": "arn:aws:s3:::avengers-initiative/*"
   	 }
    ]
}

This policy allows the user to get all the object in S3 since its ( * )


Step 2: Now we need to configure the CLI profile with Access key and secret key in our locale.

aws configure – profile s3-presigned-creator


AWS Access Key ID [None]: 
AWS Secret Access Key [None]:
Default region name [None]:
Default output format [None]:

Step 3: Now we need to create a batch file.

@echo off

:loop

set /p s3url="ENTER THE S3 URL "
set OUTPUT_FILE=S3Pre.txt
aws s3 presign %s3url% --expires-in 604000 --region ap-south-1 --profile s3-presigned-creator > %OUTPUT_FILE%
echo COPY THE PRESIGNED URL
type %OUTPUT_FILE%

set /p choice="Press 'r' to re-generate the presigned URL again or any other key to exit. Press enter after...."

if '%choice%'=='r' (
	goto :loop
)else (
	goto :eof
)
:eof

Save this with .bat extension

Step 4: Once the bat file is saved, double click to run the script.

Step 5: Enter the S3object URI that you want to get the presigned URL.

As an added bonus this script will also create a text file that has the generated URL


Indeed, that's quite ingenious!







 
 
 

Comments

@Ukrishnan2025

bottom of page