Upload Logs to S3 using PreSigned URLs

This is a guide on how to generate AWS S3 PreSigned URLs and how to use them alongside Upload Logs to S3 Remote Actions.

Roles and permissions

To be able to upload files to an AWS S3 bucket through S3 REST API, you need a role assigned to your user that allows uploading objects into it.

Getting those permissions depends on how your company has integrated its identity providers with AWS Identity and Access Management (IAM).

You will need to contact your IT department to get a role for your user that allows the following actions for an already existing bucket:

IAM Role

Code
{"Version": "2012-10-17",

 "Statement": [{

 "Sid": "{{Identifier}}",

 "Effect": "Allow",

 "Action": "s3:PutObject",

 "Resource": "arn:aws:s3:::{{BucketName}}/*"

    }]

}

Generating a PreSigned URL

We will be using AWS Tools for PowerShell in the following examples. Currently, it's the only CLI toolset that has implemented the creation of PreSigned URLs for the PUT REST method.

AWS CloudShell

  1. Access AWS Management Console

  2. Click on AWS CloudShell

AWS CloudShell
  1. Change to PowerShell running pwsh

  2. Run Import-Module AWSPowerShell.NetCore

  3. Run Get-S3PreSignedURL -BucketName {bucket name} -Verb PUT -Expire ((Get-Date).AddSeconds(3600)) -Key 'filename.zip'

  4. Copy the returned output and paste it into Upload Logs S3 Remote Action's PreSignedURL input parameter

The example creates a PreSigned URL for a file called filename.zip with an expiration of 1 hour.

PowerShell

You can also generate PreSignedURLs from your computer using PowerShell, having previously installed AWS Tools for PowerShell.

Last updated