Tool to Generate S3 Expiring Links

s3-expiry.50projects.com

The Problem

While doing some AWS consulting for a new client I was struck by how difficult it was sometimes to download a file from S3. You can make the file world readable, but that’s not terribly secure and odds are you’ll forget to turn it off. You can copy the URL generated by the Download button in the S3 console, but by default that only lasts 5 minutes, and if you have a 5Gb file you’ll be out of luck. A plethora of tools exist to solve this problem but I never have time to install, configure, purchase a license, etc…

Fortunately S3 allows you to generate your own expiring links with expirations lasting up to 7 days. With that in mind all I needed to do was build a simple client-side JS app that would generate the link for me. Then I could put it online and use it whenever necessary without fear of exposing my clients sensitive data.

Building It

CryptoJS exists and allows me to perform the necessary HMAC-SHA256 operations to generate the signature. The tough part was implementing it in JS and matching Amazon’s very finnicky documentation.

Lessons Learned

  • I could have built this for Signature Version 2 which is far simpler.
  • The [AWS documentation’s]((http://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html) HMAC-SHA256 function takes the secret first. CryptoJS takes the secret as the last argument.
  • I still have trouble making things look pretty. I need a CSS framework for quick utility sites that doesn’t require me to relearn everything.
  • I adore that you can host a site quickly on s3. Simply create a bucket named the domain you’ll be hosting, then set everything to public.
  • S3 is still slow for publicly hosting resources. If this were higher traffic I’d put a CloudFront instance in front of it.
  • I was a bit bummed to see someone beat me to building this. You can see their implementation at http://www.dancartoon.com/projects/s3-siggenerator/

github.com/pcorliss/s3-expiry

s3-expiry.50projects.com