AWS Java SDK 2.0 create a presigned URL for a S3 object

Chris Turner :

I know with version 1.x of the SDK it's as simple as per the docs

java.util.Date expiration = new java.util.Date();
long msec = expiration.getTime();
msec += 1000 * 60 * 60; // Add 1 hour.
expiration.setTime(msec);

GeneratePresignedUrlRequest generatePresignedUrlRequest = new GeneratePresignedUrlRequest(bucketName, objectKey);
generatePresignedUrlRequest.setMethod(HttpMethod.PUT); 
generatePresignedUrlRequest.setExpiration(expiration);

URL s = s3client.generatePresignedUrl(generatePresignedUrlRequest);

However looking at the 2.0 docs but I can't find anything close to the GeneratePresignedUrlRequest.

Hopefully there is another simple pattern for this?

Andreas Frische :

This is now supported for S3's GetObject. See here.

  // Create an S3Presigner using the default region and credentials.
      // This is usually done at application startup, because creating a presigner can be expensive.
      S3Presigner presigner = S3Presigner.create();

      // Create a GetObjectRequest to be pre-signed
      GetObjectRequest getObjectRequest =
              GetObjectRequest.builder()
                              .bucket("my-bucket")
                              .key("my-key")
                              .build();

      // Create a GetObjectPresignRequest to specify the signature duration
      GetObjectPresignRequest getObjectPresignRequest =
          GetObjectPresignRequest.builder()
                                 .signatureDuration(Duration.ofMinutes(10))
                                 .getObjectRequest(request)
                                 .build();

      // Generate the presigned request
      PresignedGetObjectRequest presignedGetObjectRequest =
          presigner.presignGetObject(getObjectPresignRequest);

      // Log the presigned URL, for example.
      System.out.println("Presigned URL: " + presignedGetObjectRequest.url());

      // It is recommended to close the S3Presigner when it is done being used, because some credential
      // providers (e.g. if your AWS profile is configured to assume an STS role) require system resources
      // that need to be freed. If you are using one S3Presigner per application (as recommended), this
      // usually is not needed.
      presigner.close();

This is also now supported for S3's PutObject. Example here.

S3Presigner presigner = S3Presigner.create();
PresignedPutObjectRequest presignedRequest =
    presigner.presignPutObject(r -> r.signatureDuration(Duration.ofMinutes(5))
                                        .putObjectRequest(por -> por.bucket(testBucket).key(objectKey)));

System.out.println("Pre-signed URL to upload a file to: " + 
                   presignedRequest.url());
System.out.println("Which HTTP method needs to be used when uploading a file: " + 
                   presignedRequest.httpRequest().method());
System.out.println("Which headers need to be sent with the upload: " + 
                   presignedRequest.signedHeaders())

Here's an example of uploading to S3 using a PresignedPutObjectRequest:

PresignedPutObjectRequest presignedRequest = ...;
SdkHttpClient httpClient = ApacheHttpClient.builder().build();

ContentStreamProvider contentToUpload = () -> new StringInputStream("Hello, World!");
HttpExecuteRequest uploadRequest = HttpExecuteRequest.builder()
                                                     .request(presignedRequest.httpRequest())
                                                     .contentStreamProvider(contentToUpload)
                                                     .build();

HttpExecuteResponse response = httpClient.prepareRequest(uploadRequest).call();
Validate.isTrue(response.httpResponse().isSuccessful());