4

I am generating pre-signed url on aws s3 using python. ater generating it shows my access key in the url. how can I generate url with showing my access key?

https://console.wasabisys.com/testing-usman/?AWSAccessKeyId=

This is the code i am using:

s3 = boto3.client('s3',
endpoint_url = 'https://console.wasabisys.com',
aws_access_key_id = '<4XR7DSJX1MYFYXETUGBA>',
aws_secret_access_key = '<8aD49ac2cJsuWr7crjRTAN0jqH4JzyV6uQwhJyw1>')

url = s3.generate_presigned_url(
ClientMethod='get_object',
Params={
    'Bucket': 'testing-usman',
    'Key': '.'  

   }
)
print(url)

I need the url without showing my access key.

Tim Woocker
  • 1,883
  • 1
  • 16
  • 29
usman
  • 41
  • 1
  • 3
  • 4
    Pre-signed URLs include an access key. You can't avoid this. You could create a second IAM user specifically for the purpose of pre-signing, and limit the permissions of that user. – jarmod Aug 28 '19 at 13:05
  • 4
    [Access Key Id is not secret and does not need protecting](https://stackoverflow.com/a/7684662/303810). But if you're worried for some reason, use STS to generate temporary credentials and then use those to create a pre-signed URLs. – lexicore Aug 28 '19 at 19:33
  • 1
    thanks. I think I should go with the second IAM user. – usman Sep 02 '19 at 07:31
  • 1
    Much like a username, an access key *is* half of your credentials. – Kermit Nov 13 '21 at 01:12

1 Answers1

0

You need to provide a credential to aws, so to looks less explicit you can add to the boto3 client a config:

from botocore.client import Config

s3 = boto3.client('s3',
config=Config(signature_version='s3v4'),
endpoint_url = 'https://console.wasabisys.com',
aws_access_key_id = '<4XR7DSJX1MYFYXETUGBA>',
aws_secret_access_key = '<8aD49ac2cJsuWr7crjRTAN0jqH4JzyV6uQwhJyw1>')
Rodrigo Corrales
  • 1