All objects and buckets are private by default. A pre-signed URL is a reference to a Ceph S3 object that allows anyone who receives the URL to retrieve the object with an HTTP GET request.
The following presigning command generates a pre-signed URL for a specified bucket and key that is valid for one hour:
aws s3 --profile myprofile presign s3://bucket/file
To create a pre-signed URL with a custom lifetime for an object in an S3 bucket, use:
aws s3 --profile myprofile presign s3://bucket/file --expires-in 86400
This creates a URL that is accessible for one day.
The “--expires-in” parameter is given in seconds, up to one week, i.e. 604800 (7*24*60*60).
When a pre-signed URL has expired, you will see an “Access Denied” message like the following:
This XML file does not appear to have any style information associated with it. The document tree is shown below.
<Error>
  <Code>AccessDenied</Code>
  <RequestId>tx0000000000000000f8f26-00sd242d-1a2234a7-storage-cl2</RequestId>
  <HostId>1aasd67-storage-cl2-storage</HostId>
</Error>
Once you generate a pre-signed URL, you cannot change its lifetime; you have to generate a new pre-signed URL. This applies to both expired and non-expired URLs.
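Because the lifetime is fixed into the URL at signing time, it can be read back from the query string before a link is shared. The following Python code is an added example, not part of the original page: it assumes the standard query parameters of Signature Version 4 (X-Amz-Date, X-Amz-Expires) or Version 2 (Expires), whichever the client is configured for, and the sample URLs, host and key ID are constructed placeholders.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

MAX_LIFETIME = 7 * 24 * 60 * 60  # 604800 s, the one-week limit stated above


def presigned_expiry(url):
    """Return (expires_at_utc, lifetime_seconds_or_None) for a pre-signed URL."""
    # Parameter names are lower-cased so the lookup is case-insensitive.
    q = {k.lower(): v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    if "x-amz-expires" in q and "x-amz-date" in q:
        # Signature Version 4: signing time plus a lifetime in seconds.
        signed = datetime.strptime(q["x-amz-date"], "%Y%m%dT%H%M%SZ")
        signed = signed.replace(tzinfo=timezone.utc)
        lifetime = int(q["x-amz-expires"])
        return signed + timedelta(seconds=lifetime), lifetime
    if "expires" in q:
        # Signature Version 2: absolute expiry as a Unix timestamp.
        return datetime.fromtimestamp(int(q["expires"]), tz=timezone.utc), None
    raise ValueError("no expiry parameters found: not a pre-signed URL")


def check(url, now=None):
    """Report whether the link still works and whether its lifetime is within the limit."""
    now = now or datetime.now(timezone.utc)
    expires_at, lifetime = presigned_expiry(url)
    remaining = int((expires_at - now).total_seconds())
    return {
        "expires_at": expires_at.isoformat(),
        "expired": remaining <= 0,
        "remaining_seconds": max(remaining, 0),
        "over_one_week": lifetime is not None and lifetime > MAX_LIFETIME,
    }


# Constructed sample URLs (host, key ID and signatures are placeholders).
SAMPLE_V4 = ("https://s3.example.org/bucket/file?X-Amz-Algorithm=AWS4-HMAC-SHA256"
             "&X-Amz-Credential=EXAMPLEKEY%2F20240101%2Fus-east-1%2Fs3%2Faws4_request"
             "&X-Amz-Date=20240101T120000Z&X-Amz-Expires=86400"
             "&X-Amz-SignedHeaders=host&X-Amz-Signature=0000")
SAMPLE_V2 = ("https://s3.example.org/bucket/file?AWSAccessKeyId=EXAMPLEKEY"
             "&Signature=0000&Expires=1704200400")

if __name__ == "__main__":
    for u in (SAMPLE_V4, SAMPLE_V2):
        print(check(u))
```

The function only reads the URL; it sends no request, so it can be run on a link without touching the storage cluster.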