@jpillora
Last active August 23, 2023 12:07
S3 signed GET in plain bash (Requires openssl and curl)
#!/bin/bash
# Set these in your environment/profile (NOT HERE).
# The defaults below keep values that are already exported instead of overwriting them.
AWS_ACCESS_KEY="${AWS_ACCESS_KEY:-}"
AWS_SECRET_KEY="${AWS_SECRET_KEY:-}"

# Signs with AWS Signature Version 2 (HMAC-SHA1). S3 endpoints that accept only
# Signature Version 4 reject it with "Please use AWS4-HMAC-SHA256".
function s3get {
  # helper functions
  function fail { echo "$1" >&2; exit 1; }
  # dependency check
  if ! hash openssl 2>/dev/null; then fail "openssl not installed"; fi
  if ! hash curl 2>/dev/null; then fail "curl not installed"; fi
  # params: <bucket>/<key> [region]
  path="${1}"
  bucket=$(cut -d '/' -f 1 <<< "$path")
  key=$(cut -d '/' -f 2- <<< "$path")
  region="${2:-us-west-1}"
  # load creds
  access="$AWS_ACCESS_KEY"
  secret="$AWS_SECRET_KEY"
  # validate
  if [[ "$bucket" = "" ]]; then fail "missing bucket (arg 1)"; fi
  if [[ "$key" = "" ]]; then fail "missing key (arg 1)"; fi
  if [[ "$region" = "" ]]; then fail "missing region (arg 2)"; fi
  if [[ "$access" = "" ]]; then fail "missing AWS_ACCESS_KEY (env var)"; fi
  if [[ "$secret" = "" ]]; then fail "missing AWS_SECRET_KEY (env var)"; fi
  # compute signature
  contentType="text/html; charset=UTF-8"
  date="$(date -u +'%a, %d %b %Y %H:%M:%S GMT')"
  resource="/${bucket}/${key}"
  # string to sign: verb, Content-MD5 (empty), Content-Type, Date (empty because
  # x-amz-date is sent instead), x-amz-* headers, resource.
  # printf with quoted arguments avoids word splitting and globbing of the key.
  signature=$(printf 'GET\n\n%s\n\nx-amz-date:%s\n%s' "$contentType" "$date" "$resource" \
    | openssl sha1 -hmac "${secret}" -binary | base64)
  # get!
  curl -H "x-amz-date: ${date}" \
    -H "Content-Type: ${contentType}" \
    -H "Authorization: AWS ${access}:${signature}" \
    "https://s3-${region}.amazonaws.com${resource}"
}

# example usage
s3get my-bucket/a/path/to/my/file > /tmp/file
@matthewmueller

I was looking forever for this. Thanks!

@kondakovdmitry

This does not work any more. Amazon returns the error: "The authorization mechanism you have provided is not supported. Please use AWS4-HMAC-SHA256."

@jpillora
Author

@kondakovdmitry Not able to test at the moment, can someone test with openssl sha1 -> openssl sha256?

@petigrafix

@jpillora no, does not work with sha256

@mmaday

mmaday commented May 5, 2020

Was able to get this working with sha256 at https://gist.github.com/mmaday/c82743b1683ce4d27bfa6615b3ba2332.
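
Why swapping `openssl sha1` for `openssl sha256` in the gist's script is not enough, as an added example that is not the gist's code or any commenter's: Signature Version 4 signs a hash of a canonical request, using a key derived from the secret through a day/region/service HMAC chain. The function names, the constructed credentials and the timestamp are assumptions, and the path is assumed to be URI-encoded already.

```bash
#!/bin/bash
# Added example, not the gist's code: AWS Signature Version 4 for an S3 GET.
SIGNED_HEADERS="host;x-amz-content-sha256;x-amz-date"
# SHA-256 of the empty request body that a GET sends.
EMPTY_SHA256="e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"

# Keep only the hex digest from openssl's "...(stdin)= <hex>" output.
sha256_hex() { printf '%s' "$1" | openssl dgst -sha256 -hex | sed 's/^.* //'; }
# HMAC-SHA256 with the key passed as hex, so binary keys never sit in a shell variable.
hmac_hex() { printf '%s' "$2" | openssl dgst -sha256 -mac HMAC -macopt "hexkey:$1" -hex | sed 's/^.* //'; }
to_hex() { printf '%s' "$1" | od -An -v -tx1 | tr -d ' \n'; }

# sigv4_signing_key <secret> <YYYYMMDD> <region> <service>
# The secret only seeds a key chain scoped to one day, region and service.
sigv4_signing_key() {
  local k
  k=$(hmac_hex "$(to_hex "AWS4$1")" "$2")
  k=$(hmac_hex "$k" "$3")
  k=$(hmac_hex "$k" "$4")
  hmac_hex "$k" "aws4_request"
}

# s3_string_to_sign <region> <host> <uri-encoded path> <YYYYMMDDTHHMMSSZ>
s3_string_to_sign() {
  local canonical
  # Canonical request: method, path, empty query, headers, signed header list, body hash.
  canonical=$(printf 'GET\n%s\n\nhost:%s\nx-amz-content-sha256:%s\nx-amz-date:%s\n\n%s\n%s' \
    "$3" "$2" "$EMPTY_SHA256" "$4" "$SIGNED_HEADERS" "$EMPTY_SHA256")
  printf 'AWS4-HMAC-SHA256\n%s\n%s/%s/s3/aws4_request\n%s' \
    "$4" "${4%%T*}" "$1" "$(sha256_hex "$canonical")"
}

# s3_get_signature <secret> <region> <host> <path> <timestamp>
s3_get_signature() {
  local key
  key=$(sigv4_signing_key "$1" "${5%%T*}" "$2" s3)
  hmac_hex "$key" "$(s3_string_to_sign "$2" "$3" "$4" "$5")"
}

# s3_get_auth_header <access key> <secret> <region> <host> <path> <timestamp>
s3_get_auth_header() {
  printf 'AWS4-HMAC-SHA256 Credential=%s/%s/%s/s3/aws4_request,SignedHeaders=%s,Signature=%s\n' \
    "$1" "${6%%T*}" "$3" "$SIGNED_HEADERS" "$(s3_get_signature "$2" "$3" "$4" "$5" "$6")"
}

# Demo with constructed credentials; path-style host and resource as in the gist.
s3_get_auth_header "AKIDEXAMPLE" "constructed-secret" us-west-1 \
  s3-us-west-1.amazonaws.com /my-bucket/a/path/to/my/file 20240101T000000Z
```

The request has to carry `x-amz-date` and `x-amz-content-sha256` headers with exactly the values that were signed, next to the `Authorization` header printed here.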

@jpillora
Author

jpillora commented May 5, 2020 via email