All objects and buckets are by default private. The pre-signed URL is a reference to Ceph S3 object, which allows anyone who receives the URL to retrieve the S3 object with an HTTP GET request.

The following presigning command generates a pre-signed URL for a specified bucket and key that is valid for one hour:

aws s3 --profile myprofile presign s3://bucket/file

If you want to create a pre-signed URL with a custom lifetime that links to an object in an S3 bucket you have to use:

aws s3 --profile myprofile presign s3://bucket/file --expires-in 86400

This will create URL accessible for one day.
Parameter “–expires-in” is in seconds up to one week i.e. 604800 ​(7*24*60*60).

When pre-signed URL has been expired, you will see “Access Denied” message - like following:

This XML file does not appear to have any style information associated with it. The document tree is shown below. \\
<Error> \\
<link type="text/css" rel="stylesheet" id="dark-mode-general-link"/> \\
<link type="text/css" rel="stylesheet" id="dark-mode-custom-link"/> \\
<style lang="en" type="text/css" id="dark-mode-custom-style"/> \\
<Code>AccessDenied</Code> \\
<RequestId>tx0000000000000000f8f26-00sd242d-1a2234a7-storage-cl2</RequestId>\\
<HostId>1aasd67-storage-cl2-storage</HostId> \\
</Error> \\