토막지식시리즈

What Is Presigned Url

GrapeMilk 2024. 8. 18. 15:54

Presigned Url

 

A Presigned URL is a URL that provides temporary, secure access to a specific resource in cloud storage (like Amazon S3) without needing the client to have full access credentials. It is commonly used in scenarios where a client needs to upload or download files directly to/from cloud storage, while the server still controls access.

 

 

How Presigned URLs Work

 

When a presigned URL is generated, it includes:

  • The resource's location (bucket, key, etc.).
  • A signature created using the server's access credentials.
  • A defined expiration time, after which the URL becomes invalid.

The server typically generates this URL, embedding the necessary permissions and expiration time into it. The client can then use the URL to directly upload a file (for a PUT request) or download a file (for a GET request) without needing further authentication.

 

Common Use Cases

  • Direct File Uploads: Allow users to upload files directly to cloud storage from their browser or application without routing through your server, reducing load and complexity.
  • Secure File Sharing: Temporarily grant access to a file (like a report or media file) without exposing your credentials or full access permissions.
  • API-Driven File Access: In microservices or serverless architectures, presigned URLs can be used to allow other services to interact with specific resources securely.

Benefits

  • Security: Access is restricted by both permissions and expiration time.
  • Performance: Clients upload or download files directly from storage, reducing server bandwidth and processing load.
  • Simplified Permissions: You don’t need to manage complex access controls for each client interaction—just generate the presigned URL with the right permissions.

Limitations

  • Temporary Access: The URL is only valid for a limited time.
  • Sensitive Handling Required: If the URL is exposed, unauthorized users can access the resource until it expires.

In summary, a presigned URL is a powerful tool for secure, temporary access to cloud storage resources, enabling efficient file transfers and fine-grained control over access.

 

서버의 이미지 serving 부담을 줄여주고 클라이언트가 직접 파일 업로드함으로서 파일명 수정등의 소통비용도 줄일 수 있는 것 같다.