Download Pre Signed URL

Generates a presigned URL that allows temporary download access to an S3 object without requiring AWS credentials, with optional inline display or forced download.

Common Properties

  • Name - The custom name of the node.
  • Color - The custom color of the node.
  • Delay Before (sec) - Waits in seconds before executing the node.
  • Delay After (sec) - Waits in seconds after executing the node.
  • Continue On Error - Automation will continue regardless of any error. The default value is false.
Info: If the ContinueOnError property is true, no error is caught when the project is executed, even if a Catch node is used.

Inputs

  • Client Id - The client connection ID from the Connect node. Optional if using credentials directly.
  • Bucket Name - The name of the S3 bucket containing the object.
  • Object Name - The key/name of the object to generate a download URL for, including any prefixes (folder path).
  • Expiration Second - The number of seconds until the presigned URL expires (e.g., 3600 for 1 hour).

Options

  • File Name - (Optional) Custom filename for the downloaded file. When provided and Share is not enabled, the browser will download the file with this name.
  • Share - If enabled, the URL will display the file inline in the browser (for images, PDFs, videos). If disabled, the file will be downloaded as an attachment.
  • End Point - S3 endpoint URL. Required only if using credentials directly instead of Client ID.
  • Access Key Id - AWS Access Key ID credential. Optional - use this instead of Client ID for direct authentication.
  • Secret Key Access - AWS Secret Access Key credential. Optional - use this instead of Client ID for direct authentication.

Output

  • result - The complete presigned URL that can be used to download or view the object.

How It Works

The Download Pre Signed URL node generates a temporary, secure URL that allows anyone with the URL to download or view a file from S3 without AWS credentials. When executed, the node:

  1. Retrieves the S3 client using either the Client ID or creates a new client from credentials
  2. Validates that the bucket name, object name, and expiration time are provided
  3. Determines the content disposition based on the Share option
  4. Generates a presigned GET URL with the specified expiration time and response headers
  5. Returns the complete presigned URL
  6. The URL grants read-only access for the specified object and expires after the set time
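The steps above, worked through as an added example (not the node's own code): a from-scratch AWS Signature Version 4 query presigner using only Node's `crypto`, plus a simulation of the check the service performs on receipt. The function names, the `SAMPLE` object and its placeholder credentials are assumptions made for illustration; the bucket, key and filename are the page's invoice example.

```javascript
const crypto = require('node:crypto');
const hmac = (key, data) => crypto.createHmac('sha256', key).update(data).digest();
const sha256Hex = (s) => crypto.createHash('sha256').update(s).digest('hex');
// SigV4 needs RFC 3986 encoding; encodeURIComponent leaves !'()* unescaped.
const enc = (s) => encodeURIComponent(s).replace(/[!'()*]/g,
  (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase());
const toQuery = (q) => Object.keys(q).sort().map((k) => `${enc(k)}=${enc(q[k])}`).join('&');

// The signature covers method, host, path and every query parameter except itself.
function sign(secretKey, region, host, path, query) {
  const amzDate = query['X-Amz-Date'];
  const scope = `${amzDate.slice(0, 8)}/${region}/s3/aws4_request`;
  const canonical = ['GET', path, toQuery(query), `host:${host}\n`, 'host',
    'UNSIGNED-PAYLOAD'].join('\n');
  const stringToSign = ['AWS4-HMAC-SHA256', amzDate, scope, sha256Hex(canonical)].join('\n');
  const signingKey = scope.split('/').reduce((k, part) => hmac(k, part), 'AWS4' + secretKey);
  return hmac(signingKey, stringToSign).toString('hex');
}

function presign({ accessKeyId, secretKey, region, endpoint, bucket, key, expires, disposition, now }) {
  const path = `/${bucket}/` + key.split('/').map(enc).join('/');
  const amzDate = now.toISOString().replace(/[-:]|\.\d{3}/g, '');
  const query = {
    'X-Amz-Algorithm': 'AWS4-HMAC-SHA256', 'X-Amz-SignedHeaders': 'host',
    'X-Amz-Credential': `${accessKeyId}/${amzDate.slice(0, 8)}/${region}/s3/aws4_request`,
    'X-Amz-Date': amzDate, 'X-Amz-Expires': String(expires),
    'response-content-disposition': disposition,
  };
  query['X-Amz-Signature'] = sign(secretKey, region, endpoint, path, query);
  return `https://${endpoint}${path}?${toQuery(query)}`;
}

// Simulates the service-side check: recompute the signature, then compare clocks.
function check(url, secretKey, region, now) {
  const u = new URL(url);
  const query = Object.fromEntries(u.searchParams);
  const presented = Buffer.from(query['X-Amz-Signature'] || '');
  delete query['X-Amz-Signature'];
  const expected = Buffer.from(sign(secretKey, region, u.host, u.pathname, query));
  if (presented.length !== expected.length || !crypto.timingSafeEqual(presented, expected)) return 'SignatureDoesNotMatch';
  const d = query['X-Amz-Date']; // e.g. 20240315T120000Z
  const issued = Date.parse(`${d.slice(0, 4)}-${d.slice(4, 6)}-${d.slice(6, 11)}:${d.slice(11, 13)}:${d.slice(13)}`);
  return now.getTime() > issued + Number(query['X-Amz-Expires']) * 1000 ? 'AccessDenied' : 'OK';
}

// Constructed sample: placeholder credentials with the page's invoice example as input.
const SAMPLE = { accessKeyId: 'EXAMPLEKEYID', secretKey: 'example-secret', region: 'us-east-1',
  endpoint: 's3.us-east-1.amazonaws.com', bucket: 'company-invoices',
  key: '2024/march/invoice-2024-001.pdf', expires: 3600,
  disposition: 'attachment; filename="Invoice-2024-001.pdf"', now: new Date('2024-03-15T12:00:00Z') };
```

Passing `check` a URL whose filename or `X-Amz-Expires` value was edited returns `SignatureDoesNotMatch`, while the unmodified URL returns `OK` for any caller until the hour is up, which is why the URL itself has to be handled as the secret.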

Requirements

  • Either a valid Client ID from a Connect node, or Access Key ID and Secret Access Key credentials
  • A valid S3 bucket with the object to share
  • Appropriate S3 permissions to read objects (s3:GetObject)
  • The object must exist in the bucket

Error Handling

The node will return specific errors in the following cases:

  • Empty or invalid bucket name
  • Empty or invalid object name
  • Invalid expiration time
  • Invalid Client ID or credentials
  • Bucket does not exist
  • Object does not exist
  • Insufficient permissions to generate presigned URLs
  • Network or connection errors

Share Option Behavior

Share = false (Download Mode):

  • Browser will download the file as an attachment
  • File will be saved with the specified File Name (or original name if not provided)
  • Content-Disposition: attachment; filename="your-file.pdf"
  • Best for: Files you want users to download (documents, archives, executables)

Share = true (Inline Mode):

  • Browser will attempt to display the file inline
  • Works well for images, PDFs, videos, text files
  • Content-Disposition: inline
  • Best for: Files you want users to view directly (images, PDFs, videos)

Usage Notes

  • The presigned URL is valid only for the specified duration
  • After expiration, the URL returns an access denied error
  • The URL grants read-only access - it cannot be used to modify or delete
  • Anyone with the URL can access the file during the valid period
  • No AWS credentials are required by the downloader
  • URL security depends on keeping the URL private
  • The File Name option only works when Share is disabled
  • Browsers may override inline display based on security settings

URL Expiration Guidelines

Recommended expiration times based on use case:

  • Short-term sharing (15-60 minutes): Temporary file access, one-time downloads
  • Medium-term sharing (1-24 hours): Document review, client deliverables
  • Long-term sharing (24+ hours): Rarely recommended due to security concerns

Best Practices

  • Use the shortest practical expiration time for security
  • Generate new URLs for each download request when possible
  • Don't share presigned URLs publicly or in insecure channels
  • Use HTTPS endpoints to protect URLs in transit
  • Monitor bucket access for unauthorized downloads
  • Implement download tracking in your application
  • Consider using CloudFront for frequently accessed content
  • Rotate URLs regularly for sensitive content
  • Log URL generation for audit purposes

Example

To generate a presigned URL for downloading a PDF invoice:

Inputs:

  • Client Id: (from Connect node)
  • Bucket Name: company-invoices
  • Object Name: 2024/march/invoice-2024-001.pdf
  • Expiration Second: 3600 (1 hour)

Options:

  • File Name: Invoice-2024-001.pdf
  • Share: false (force download)

Output:

https://s3.amazonaws.com/company-invoices/2024/march/invoice-2024-001.pdf?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=...&X-Amz-Date=20240315T120000Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3D%22Invoice-2024-001.pdf%22&X-Amz-Signature=...

This URL can be shared with users to download the invoice.

Inline Display Example

To generate a URL for viewing an image in the browser:

Inputs:

  • Client Id: (from Connect node)
  • Bucket Name: photo-gallery
  • Object Name: photos/2024/vacation.jpg
  • Expiration Second: 1800 (30 minutes)

Options:

  • Share: true (display inline)

Output: A presigned URL that displays the image directly in the browser when clicked.

Common Use Cases

Document Sharing

Share documents with clients or partners temporarily:

  1. Generate Presigned URL - Create download URL
  2. Send URL - Email or message the URL to recipient
  3. Recipient Downloads - User downloads file with the URL
  4. URL Expires - Access automatically revoked after expiration

Temporary File Access

Provide time-limited access to files:

  1. User Requests File - Application receives download request
  2. Generate URL - Create presigned URL with short expiration
  3. Return URL - Send URL to user
  4. Track Download - Log download activity

Media Gallery

Display images or videos from S3 in a web application:

  1. List Objects - Get all images in bucket
  2. Loop - For each image:
    • Generate Presigned URL - Create display URL
    • Add to Gallery - Include URL in gallery HTML
  3. Display - Browser loads images using presigned URLs

Report Distribution

Distribute generated reports to users:

  1. Generate Report - Create report file
  2. Upload to S3 - Save report to bucket
  3. Generate Presigned URL - Create download URL
  4. Send Notification - Email URL to stakeholders
  5. Track Downloads - Monitor who accessed the report

Secure Download Portal

Create a download portal without exposing AWS credentials:

  1. User Authenticates - User logs into portal
  2. List Available Files - Show user's accessible files
  3. Generate URLs - Create presigned URLs for each file
  4. User Downloads - User clicks to download files

Dynamic URL Generation

Generate URLs based on user context:

const userId = 'user-123';
const fileId = 'report-456';
const objectName = `users/${userId}/reports/${fileId}.pdf`;
const fileName = `${userId}-report-${fileId}.pdf`;

Inputs:

  • Object Name: (constructed dynamically)
  • Expiration Second: 3600

Options:

  • File Name: (constructed dynamically)
  • Share: false
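When the object name and file name are built from request data, the values need confining before they reach the node. The following added example (not part of the original page or the product) derives the node inputs from an authenticated session, checks entitlement, caps the expiration and strips characters that could break the `Content-Disposition` filename. `buildNodeInputs`, `safeFileName`, `auditRecord`, the session shape and the policy constants are hypothetical; only the key layout comes from the snippet above.

```javascript
// Hypothetical policy values and names; only the key layout comes from the page.
const MAX_EXPIRATION_SECONDS = 3600;
const DEFAULT_EXPIRATION_SECONDS = 300;
// IDs are plain tokens, so no '/', '.' or whitespace can reach the object key.
const isId = (v) => typeof v === 'string' && /^[A-Za-z0-9_-]{1,64}$/.test(v);

// Remove characters that could end the quoted filename="..." value in
// Content-Disposition (quotes, backslash, ';', CR/LF, other controls) or carry a path.
function safeFileName(name, fallback) {
  const cleaned = String(name || '').replace(/[\x00-\x1f\x7f"\\\/;]/g, '').trim().slice(0, 100);
  return cleaned && !/^\.+$/.test(cleaned) ? cleaned : fallback;
}

// session: set by the login layer (trusted), with fileIds as a Set of files the user owns.
// request: fields sent by the client (untrusted).
function buildNodeInputs(session, request) {
  if (!session || !isId(session.userId)) throw new Error('unauthenticated');
  if (!isId(request.fileId)) throw new Error('invalid file id');
  if (!session.fileIds.has(request.fileId)) throw new Error('forbidden');
  const wanted = request.expires;
  const expirationSecond = Number.isInteger(wanted) && wanted > 0
    ? Math.min(wanted, MAX_EXPIRATION_SECONDS) : DEFAULT_EXPIRATION_SECONDS;
  return {
    objectName: `users/${session.userId}/reports/${request.fileId}.pdf`, // userId never from request
    expirationSecond,
    fileName: safeFileName(request.fileName, `${session.userId}-report-${request.fileId}.pdf`),
    share: false,
  };
}

// Audit line written at generation time: who, which object, for how long.
// The URL is left out because anyone who can read the log could then use it.
function auditRecord(session, inputs, now) {
  return JSON.stringify({ event: 'presign.generate', user: session.userId,
    object: inputs.objectName, expires: inputs.expirationSecond, at: now.toISOString() });
}
```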

Email Integration

Generate and email download links:

  1. Generate Presigned URL - Create download URL
  2. Compose Email - Build email with URL
  3. Send Email - Email URL to recipient

Email template:

Hello,

Your requested file is ready for download:
[Download File](presigned_url)

This link will expire in 1 hour.

Direct Credentials Example

Inputs:

  • Bucket Name: shared-files
  • Object Name: documents/presentation.pptx
  • Expiration Second: 7200 (2 hours)

Options:

  • File Name: Company-Presentation.pptx
  • Share: false
  • End Point: s3.us-east-1.amazonaws.com
  • Access Key Id: (your AWS Access Key ID credential)
  • Secret Key Access: (your AWS Secret Access Key credential)

Image Gallery

Create an image gallery with presigned URLs:

  1. List Objects - Get all images
  2. Loop - For each image:
    • Generate Presigned URL with Share=true
    • Store URL in array
  3. Render Gallery - Display images using URLs

HTML example:

<img src="${presignedUrl}" alt="Gallery Image">

Video Streaming

Generate URLs for video playback:

Options:

  • Share: true (inline display)
  • Expiration Second: 3600

The URL can be used in HTML5 video players:

<video controls>
  <source src="${presignedUrl}" type="video/mp4">
</video>

PDF Preview

Display PDFs in browser:

Options:

  • Share: true (inline display)

Browsers will show the PDF in their built-in viewer.

Download with Custom Filename

Force download with specific filename:

Options:

  • File Name: Quarterly-Report-Q1-2024.xlsx
  • Share: false

The user's browser will save the file with the specified name, regardless of the original object name in S3.

Multiple File Download

Generate download URLs for multiple files:

  1. List Objects - Get files to download
  2. Loop - For each file:
    • Generate Presigned URL
    • Add to Download List
  3. Create ZIP or provide individual URLs

Expiration Time Examples

  • 300 seconds (5 minutes): One-time downloads
  • 1800 seconds (30 minutes): Quick file sharing
  • 3600 seconds (1 hour): Standard document sharing
  • 7200 seconds (2 hours): Extended access for reviews
  • 86400 seconds (24 hours): Maximum recommended for most use cases

Security Considerations

  • URLs can be shared and used by anyone who has them
  • Use short expiration times for sensitive content
  • Monitor S3 access logs for unusual activity
  • Consider using CloudFront signed URLs for additional control
  • Implement authentication before generating URLs
  • Don't embed presigned URLs in public web pages or code
  • Use HTTPS to prevent URL interception

Common Errors

Error: "NoSuchKey: The specified key does not exist"

  • Solution: Verify the object exists in the bucket before generating URL

Error: "NoSuchBucket: The specified bucket does not exist"

  • Solution: Verify the bucket name is correct

Error: "Access Denied"

  • Solution: Ensure your credentials have s3:GetObject permission

Error: "Invalid Client ID"

  • Solution: Verify the Client ID from the Connect node is correct

Monitoring and Analytics

Track presigned URL usage:

  1. Generate URL - Create presigned URL
  2. Log Generation - Record URL creation (user, object, expiration)
  3. Monitor Access - Check S3 access logs
  4. Analyze Usage - Review download patterns

URL Lifecycle

  1. Generation: Presigned URL created with expiration time
  2. Active Period: URL can be used for downloads/viewing
  3. Expiration: URL becomes invalid after expiration time
  4. Post-Expiration: Access attempts fail with signature errors

CloudFront Integration

For better performance with frequently accessed content, consider using CloudFront with presigned URLs:

  1. Set up CloudFront distribution for your S3 bucket
  2. Generate presigned URLs using CloudFront domain
  3. Benefit from edge caching and faster delivery