Skip to content

Commit 1bf87e3

Browse files
whutchinson98whutchinson98
authored
docs(s3-request-presigner): add in getSignedUrl example with and without signed headers (#6129)
1 parent a2f25e3 commit 1bf87e3

File tree

1 file changed

+49
-0
lines changed

1 file changed

+49
-0
lines changed

Diff for: packages/s3-request-presigner/README.md

+49
Original file line numberDiff line numberDiff line change
@@ -91,4 +91,53 @@ to `presigned` is not sufficient to make a request. You need to send the
9191
server-side encryption headers along with the url. These headers remain in the
9292
`presigned.headers`
9393

94+
### Get Presigned URL with headers that cannot be signed
95+
96+
By using the `getSignedUrl` with a `S3Client` you are able to sign your
97+
headers, improving the security of presigned url. Importantly, if you want to
98+
sign any `x-amz-*` headers (like the ChecksumSHA256 header in this example),
99+
you need to provide those headers to the set of `unhoistableHeaders` in the
100+
`getSignedUrl` params which will force those headers to be present in the
101+
upload request.
102+
103+
```javascript
104+
import { PutObjectCommand, S3Client } from "@aws-sdk/client-s3";
105+
import { getSignedUrl } from "@aws-sdk/s3-request-presigner";
106+
107+
const s3Client = new S3Client({ region: "us-east-1" });
108+
const command = new PutObjectCommand({
109+
Bucket: bucket,
110+
Key: key,
111+
ChecksumSHA256: sha,
112+
});
113+
114+
const presigned = getSignedUrl(s3Client, command, {
115+
expiresIn: expiration,
116+
// Set of all x-amz-* headers you wish to have signed
117+
unhoistableHeaders: new Set(["x-amz-checksum-sha256"]),
118+
});
119+
```
120+
121+
### Get Presigned URL with headers that should be signed
122+
123+
For headers that are not `x-amz-*` you are able to add them to the set of
124+
`signableHeaders` to be enforced in the presigned urls request.
125+
126+
```javascript
127+
import { PutObjectCommand, S3Client } from "@aws-sdk/client-s3";
128+
import { getSignedUrl } from "@aws-sdk/s3-request-presigner";
129+
130+
const s3Client = new S3Client({ region: "us-east-1" });
131+
const command = new PutObjectCommand({
132+
Bucket: bucket,
133+
Key: key,
134+
ContentType: contentType,
135+
});
136+
137+
const presigned = getSignedUrl(s3Client, command, {
138+
signableHeaders: new Set(["content-type"]),
139+
expiresIn: expiration,
140+
});
141+
```
142+
94143
For more information, please go to [S3 SSE reference](https://docs.aws.amazon.com/AmazonS3/latest/dev/KMSUsingRESTAPI.html)

0 commit comments

Comments
 (0)