Greg Heartsfield home

Pre-signing URIs for expiration with S3

This is a neat feature of S3 that I wasn’t aware of until after digging through the API docs. You can generate URIs to S3 resources, which expire after a given time. It’s in the latest release of hS3, which includes an example for generating a URI valid for a certain number of seconds in the future.

Instead of making an object public via an ACL, you create a signature of the resource and an expiration date. This signature is added as a query element to the URI, and then given out to users. The end result looks like the following:

http://s3.amazonaws.com:80/hS3/LICENSE
?AWSAccessKeyId=09MD8BAR1GEXCERHT1R2
&Expires=1191208823
&Signature=bY6Luynk8mxbzaO8yv2Pcd3kd1U%3d

Which is generated by code like:

do uri <- publicUriForSeconds connection object exp_seconds
   putStrLn uri

Validate XHTML Validate CSS