This article explains how to direct download a file from an AWS S3 bucket.

Amazon Simple Storage Service (Amazon S3) is a storage service in the cloud. The AWS Free Tier includes 5Gb of S3 storage for 12 months. Then you are switched to pay as you go.

Setting permissions from the web

Upload a file to an S3 bucket

  • Create an AWS account.
  • Sign in to the AWS console.
  • Go to the S3 console.
  • Click Create a bucket.
  • Write an arbitrary Bucket name, check ACLs enabled, check Bucket owner preferred, uncheck Block all public access. Leave everything else as it is and click Create bucket.
  • Click the bucket you just created and drop a file in it. Before you click Upload expand Permissions and check Grant public-read access, you’ll need to check an additional “I understand the risk” box.
  • Click the file you just created and write down the Object URL and Key.

Great success! Now your file is available for direct download. The URL is the Object URL you see when you click on your file on the web.

For each additional file you need to upload, then edit permissions of the file to make it public read, then save changes.

Note that posting a file publically may lead to high traffic and charges in your account. If you share a file with someone, you can limit its availability using “pre-signed URLs” from the web or the AWS CLI (aws s3 presign). These URLs have a maximum validity of seven days (604800 seconds).

 *  *  *  *

Setting permissions with AWS CLI

The easiest way to set permissions for a file is using the web. In case you need to do the same with the AWS CLI for automation reasons, here is the recipe. I’m going to do it for one file, this should give you an idea on how it goes.

Add S3 permissions to one of your users

  • Go to IAM.
  • Click Users.
  • Click one of your users. Click Attach existing policies directly.
  • Check Add AmazonS3FullAccess. Click Next: Review, click Add Permissions.

Get the Access and Secret keys of your user

  • Click one of your users.
  • Go to Security credentials and click Create access key.
  • Click Show User Security Credentials and write down the Access key ID and Secret key ID.

Install AWS CLI

  • Install homebrew.
  • Install AWS CLI: brew install awscli.
  • Configure AWS CLI: aws configure. This requests the access and secret keys you created before. For region, type the name of the region where you made the S3 bucket, if you click your bucket in the web you’ll see it in the URL of the browser. The output can be json, or just click Enter.
  • These steps create a file ~/.aws/config with the region and output.

Get the canonical user ID of your user

  • Run: aws s3api list-buckets --query Owner.ID --output text and write down the resulting string.

Set a public-read ACL for the file

  • Run aws s3api put-object-acl --bucket BUCKET_NAME --key FILE_KEY --acl public-read. The BUCKET_NAME is the name of your bucket. The FILE_KEY is the property Key that appears when you click on your file on the web.

This was way more convoluted, but now you can upload files (aws s3 cp ) and set permissions from the terminal.