S3 has a feature which allows you to generate signed URLs which are valid only for a predefined period of time. This makes it much safer to distribute URLs via email/slack etc..
Process
- Find the object in the S3 console and note the bucket name and object path.
- Ensure your AWS credentials are loaded into your environment.
- Use the AWS CLI to create a pre-signed URL:
# TTL is the number of seconds until the URL expires. # - 86400: 24 hours # - 604800: 7 days # - 2592000: 30 days TTL=604800 BUCKET=bucket-name OBJECT=object/path.tgz aws s3 presign s3://${BUCKET}/${OBJECT} --expires-in ${TTL} - Send the resulting URL to the intended recipient (ensure you include a note about its expiration). The link should look something like this:
https://bucket-name.s3.amazonaws.com/object/path.tgz?AWSAccessKeyId=AKIAJ54UGSPNBHHHHGA&Expires=1516229734&Signature=XUi654DFIbAs55QJGnMuD92fZ%2FQ%3D