Pre-signed URLs

Pre-signed URLs provide a way to grant temporary access to objects stored in S3-compatible storage systems like UltiHash. They are often used to enable uploads or downloads from users or systems that should not have direct access credentials.

This guide walks through the general process of setting up a system that generates pre-signed URLs and using them to interact with your object storage.

What are pre-signed URLs

A pre-signed URL is a time-limited link to an object in storage. It includes all necessary authentication in the query string of the URL itself. Clients can use these URLs to upload or download files without needing access keys or additional permissions.

Common use cases include:

Temporary read or write access
Integrating object storage with third-party tools
Allowing front-end applications to upload or download data securely

Prerequisites

To set up a pre-signed URL generator, you will need:

An S3-compatible object storage cluster (e.g. UltiHash), publicly accessible over HTTPS
A Kubernetes cluster to host the generator service
kubectl configured to access your Kubernetes cluster
AWS CLI configured to talk to your storage endpoint
An optional domain or public URL under which to expose the generator

Deploying the URL generator

A pre-signed URL generator is typically a lightweight web service running inside your infrastructure. Its job is to accept object path requests and return pre-signed URLs based on your credentials and permissions.

To deploy the generator:

Clone the repository (this example uses UltiHash’s):

git clone https://github.com/UltiHash/scripts.git && cd superannotate

Last updated 3 months ago

Was this helpful?