Nodejs AWS SDK S3 Generate Presigned URL

Question

I am using the NodeJS AWS SDK to generate a presigned S3 URL. The docs give an example of generating a presigned URL.

Here is my exact code (with sensitive info omitted):

const AWS = require('aws-sdk')

const s3 = new AWS.S3()
AWS.config.update({accessKeyId: 'id-omitted', secretAccessKey: 'key-omitted'})

// Tried with and without this. Since s3 is not region-specific, I don't
// think it should be necessary.
// AWS.config.update({region: 'us-west-2'})

const myBucket = 'bucket-name'
const myKey = 'file-name.pdf'
const signedUrlExpireSeconds = 60 * 5

const url = s3.getSignedUrl('getObject', {
    Bucket: myBucket,
    Key: myKey,
    Expires: signedUrlExpireSeconds
})

console.log(url)

The URL that generates looks like this:

https://bucket-name.s3-us-west-2.amazonaws.com/file-name.pdf?AWSAccessKeyId=[access-key-omitted]&Expires=1470666057&Signature=[signature-omitted]

I am copying that URL into my browser and getting the following response:

<Error>
  <Code>NoSuchBucket</Code>
  <Message>The specified bucket does not exist</Message>
  <BucketName>[bucket-name-omitted]</BucketName>
  <RequestId>D1A358D276305A5C</RequestId>
  <HostId>
    bz2OxmZcEM2173kXEDbKIZrlX508qSv+CVydHz3w6FFPFwC0CtaCa/TqDQYDmHQdI1oMlc07wWk=
  </HostId>
</Error>

I know the bucket exists. When I navigate to this item via the AWS Web GUI and double click on it, it opens the object with URL and works just fine:

https://s3-us-west-2.amazonaws.com/[bucket-name-omitted]/[file-name-omitted].pdf?X-Amz-Date=20160808T141832Z&X-Amz-Expires=300&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=[signature-omitted]&X-Amz-Credential=ASIAJKXDBR5CW3XXF5VQ/20160808/us-west-2/s3/aws4_request&X-Amz-SignedHeaders=Host&x-amz-security-token=[really-long-key]

So I am led to believe that I must be doing something wrong with how I'm using the SDK.

Answer 1

For AWS JavaScript SDK V3

import { getSignedUrl } from '@aws-sdk/s3-request-presigner';
import { PutObjectCommand, PutObjectCommandInput, GetObjectCommand, GetObjectCommandInput, S3Client } from '@aws-sdk/client-s3';

const s3Client = new S3Client({ ...config, signatureVersion: 'v4' });

 async function generateUploadURL(fileName: string, fileType: string): Promise<string | null> {
    const params: PutObjectCommandInput = {
      Key: fileName,
      ContentType: fileType,
      Bucket: uploadBecket,
      Metadata: { 'Content-Type': fileType },
    };

    const command = new PutObjectCommand(params);
    const url = await getSignedUrl(s3Client, command, { expiresIn: 3600 });
    return url;
  }

  async function generateDownloadURL(bucketName: string, fileS3Key: string): Promise<string | null> {

    // fileS3Key is the bucket path of file without the bucket name.
    const params: GetObjectCommandInput = {
      Key: fileS3Key,
      Bucket: bucketName,
    };

    const command = new GetObjectCommand(params);
    const url = await getSignedUrl(this.s3Client, command, {
        expiresIn: 5 * 60,
    }); // 5 mins
    return url;
  }

Answer 2

after surfing all the answers and pages in google, stackoverflow. i found a solution. The below solution is written in typescript. But, the flow is same for node js too.

import * as AWS from 'aws-sdk';

const generatePresignedUrl: string = () => {

    const AWS_S3_PRESALE_BUCKET = process.env.AWS_S3_PRESALE_BUCKET;

    AWS.config.update({
        accessKeyId: process.env.ACCESS_KEY_ID,
        secretAccessKey: process.env.SECRET_ACCESS_KEY,
        region: 'us-west-2',
        signatureVersion: 'v4',
    });

    // if u wanna create a separate folder in s3 bucket, else u can skip this step.
    const folderType: string = 'folder';
    const Key: string = `${folderType}/filename.jpg`;

    const PARAMS = {
        Bucket: AWS_S3_PRESALE_BUCKET,
        Key,
        Expires: 60 * 10, // expires in 10 minutes
    };

    const s3 = new AWS.S3();
    const URL: string = await s3.getSignedUrlPromise('putObject', PARAMS);

    return URL;
};

Answer 3

Probably not the answer you are looking for, But it turned our I swapped AWS_ACCESS_KEY_ID with AWS_SECRET_ACCESS_KEY

for future visitors, you might want to double check that.

Answer 4

For me, I was getting a 403 because the IAM role I had used to get the signed url was missing the S3:GetObject permission for the bucket/object in question. Once I added this permission to the IAM role, the signed url began to work correctly afterwards.

Answer 5

Here is the complete code for generating pre-signed (put-object) URL for any type of file in S3.

• If you want you can include expiration time using Expire parameter in parameter.
• The below code will upload any type of file like excel(xlsx, pdf, jpeg)

    const AWS = require('aws-sdk');
    const fs = require('fs');
    const axios = require('axios');
    const s3 = new AWS.S3();
    const filePath = 'C:/Users/XXXXXX/Downloads/invoice.pdf';
    
    
    var params = {
        Bucket: 'testing-presigned-url-dev',
        Key: 'dummy.pdf',
        "ContentType": "application/octet-stream"
    };
    
    
    s3.getSignedUrl('putObject', params, function (err, url) {
        console.log('The URL is', url);
    
        fs.writeFileSync("./url.txt", url);
    
    
        axios({
            method: "put",
            url,
            data: fs.readFileSync(filePath),
            headers: {
                "Content-Type": "application/octet-stream"
            }
        })
            .then((result) => {
                console.log('result', result);
    
            }).catch((err) => {
                console.log('err', err);
    
            });
    
    });

Answer 6

Since this question is very popular and the most popular answer is saying your code is correct, but there is a bit of problem in the code which might lead a frustrating problem. So, here is a working code

    AWS.config.update({ 
        accessKeyId: ':)))',
        secretAccessKey: ':DDDD',
        region: 'ap-south-1',
        signatureVersion: 'v4'
    });

    const s3 = new AWS.S3()
    const myBucket = ':)))))'
    const myKey = ':DDDDDD'
    const signedUrlExpireSeconds = 60 * 5

    const url = s3.getSignedUrl('getObject', {
        Bucket: myBucket,
        Key: myKey,
        Expires: signedUrlExpireSeconds
    });

    console.log(url);

The noticeable difference is the s3 object is created after the config update, without this the config is not effective and the generated url doesn't work.

Answer 7

Try this function with promise.

const AWS = require("aws-sdk");
const s3 = new AWS.S3({
  accessKeyId: 'AK--------------6U',
  secretAccessKey: 'kz---------------------------oGp',
  Bucket: 'bucket-name'
});

const getSingedUrl = async () => {    
  const params = {
    Bucket: 'bucket_name',
    Key: 'file-name.pdf',
    Expires: 60 * 5
  };

  try {
    const url = await new Promise((resolve, reject) => {
      s3.getSignedUrl('getObject', params, (err, url) => {
        err ? reject(err) : resolve(url);
      });
    });
    console.log(url)
  } catch (err) {
    if (err) {
      console.log(err)
    }
  }
}


getSingedUrl()

Answer 8

I had a use case where using node.js ; I wanted to get object from s3 and download it to some temp location and then give it as attachment to third-party service! This is how i broke the code:

1. get signed url from s3
2. make rest call to get object
3. write that into local location

It may help anyone; if there is same use case; chekout below link; https://medium.com/@prateekgawarle183/fetch-file-from-aws-s3-using-pre-signed-url-and-store-it-into-local-system-879194bfdcf4

Answer 9

Dustin,

Your code is correct, double check following:

1. Your bucket access policy.

2. Your bucket permission via your API key.

3. Your API key and secret.

4. Your bucket name and key.