Upload Logs to S3 using PreSigned URLs
This is a guide on how to generate AWS S3 PreSigned URLs and how to use them alongside Upload Logs to S3 Remote Actions.
Roles and permissions
To be able to upload files to an AWS S3 bucket through S3 REST API, you need a role assigned to your user that allows uploading objects into it.
Getting those permissions depends on how your company has integrated its identity providers with AWS Identity and Access Management (IAM).
You will need to contact your IT department to get a role for your user that allows the following actions for an already existing bucket:
IAM Role
{"Version": "2012-10-17",
"Statement": [{
"Sid": "{{Identifier}}",
"Effect": "Allow",
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::{{BucketName}}/*"
}]
}
Generating a PreSigned URL
We will be using AWS Tools for PowerShell in the following examples. Currently, it's the only CLI toolset that has implemented the creation of PreSigned URLs for the PUT REST method.
AWS CloudShell
Access AWS Management Console
Click on AWS CloudShell
Change to PowerShell running
pwsh
Run
Import-Module AWSPowerShell.NetCore
Run
Get-S3PreSignedURL -BucketName {bucket name} -Verb PUT -Expire ((Get-Date).AddSeconds(3600)) -Key 'filename.zip'
Copy the returned output and paste it into Upload Logs S3 Remote Action's PreSignedURL input parameter
The example creates a PreSigned URL for a file called filename.zip
with an expiration of 1 hour.
PowerShell
You can also generate PreSignedURLs from your computer using PowerShell, having previously installed AWS Tools for PowerShell.
Follow Installing the AWS Tools for PowerShell guide to install AWS Tools for PowerShell depending on your operating system
Follow How to retrieve short-term credentials for CLI use with AWS IAM Identity Center to get your credentials and paste them into
.aws/credentials
fileRun
Initialize-AWSDefaultConfiguration -ProfileName {profile name} -Region {aws region}
, replacing{profile name}
and{aws region}
with yours.Run
Get-S3PreSignedURL -BucketName {bucket name} -Verb PUT -Expire ((Get-Date).AddSeconds(3600)) -Key 'filename.zip'
, replacing {bucket name} and filename.zip with yours.