Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Amazon S3 Query String Authentication for Ruby on Rails
def generate_secure_s3_url(s3_key)
# s3_key would be a path (including filename) to the file like: "folder/subfolder/filename.jpg"
# but it should NOT contain the bucket name or a leading forward-slash
# this was built using these instructions:
s3_base_url = MyApp::Application::S3_BASE_URL # i.e.
bucket = MyApp::Application::S3_BUCKET # i.e. mybucket
access_key_id = MyApp::Application::S3_ACCESS_KEY_ID # your Amazon S3 access key ID
secret_access_key = MyApp::Application::S3_SECRET_ACCESS_KEY # your Amazon S3 secret access key
expiration_date = 2.days.from_now.utc.to_i # 2 days from now in UTC epoch time (i.e. 1308172844)
# this needs to be formatted exactly as shown below and UTF-8 encoded
string_to_sign = "GET\n\n\n#{expiration_date}\n/#{bucket}/#{s3_key}".encode("UTF-8")
# we have to CGI/URL escape the signature since it would fail if it included / or + characters
signature = CGI.escape( Base64.encode64(
secret_access_key, string_to_sign)).gsub("\n","") )
return "#{s3_base_url}/#{s3_key}?AWSAccessKeyId=#{access_key_id}

This comment has been minimized.

Copy link
Owner Author

@iwasrobbed iwasrobbed commented Jul 11, 2011

Keep in mind that .encode("UTF-8") is a Ruby 1.9+ capability.


This comment has been minimized.

Copy link

@jhorsch jhorsch commented May 2, 2015

Has there been an update to match the criteria shown at

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment