Creating Amazon S3 public, private and encrypted shared links for business use

Amazon S3 is a great robust reliant storage service but sharing files could be easier. This post will step you through how you can easily create and share links for Amazon S3 using SMEStorage clients and tools.

If you wish to make file links available for sharing using Amazon S3 then you need to edit the Access Control List list for that file and grant read access. Amazon provides API’s and programmatic access to do this and there are many tools that work with Amazon that enable to visually alter the ACL. S3Fox is one popular one that comes to mind.

The SMEStorage tools are more focused on the use of shared links from a knowledge worker or business perspective. How they are generated and used works above any Cloud File mapped to a SMEStorage Account (ie. Not just Amazon S3).

The way SMEStorage works is that it becomes an abstraction of any Cloud that it is mapped to it. During the initial setup SMEStorage syncs information about the files. This includes the filename, date, creation and modify time, location etc. The files don’t move and continue to reside at their original location, and this mechanism enables SMEStorage to provide a virtual Cloud directory of files available to your account from the different storage providers you have mapped to it.

This meta mapping mechanism is transparent to users and enables SMEStorage to add value added services, such as the link creation for example (other examples that come to mind are adding FTP and WebDav even when the underlying Clouds do not support them).

Once the Amazon S3 Provider has been added to an account and the meta information sync, as outlined above, completed it is possible to generate secure private, or public file links for sharing files.

When you generate a link using any of the SMEStorage tools for Amazon S3 you are not changing the ACL of the file, which remains private, but granting access to the file via SMEStorage.

There are a few ways you can share files in this way:

1. Generate a SMEStorage link (which in turn can be given as a TinyURL). This link is generated using a 30 character created URL. The URL string is created using multiple input seeds: the filename, file size, and a random seed. The link does not exist until it is requested. Once requested the link remains available until the file is changed (ie renamed, or moved).

The advantage of this is that you can share a link with one or two people whilst keeping the actual file private.

All tools can generate such links, below is an example of this using iSMEStorage for the iPad.

2. Managed file sharing link: you can choose to share files using a SMEStorage generated email. The advantage of this is you can set an expiry time on the links which prevents the link from being reused or passed around at some point in the future.

Below is a screenshot of this sharing method from iSMEStorage for iPad.

3. Setting a file to public. When you set an Amazon S3 file (or any other file mapped to your account) to public it appears on your public files page, RSS page and is available via the web as it can be indexed by Search engines.

4. Sharing a file with a Collaboration Group: With SMEStorage you can choose to create Virtual Groups, to which you can invite members. You can do this directly from Client Tools, including mobile tools. You can then choose to share a file with the group and all members of the group will automatically be notified that there is a new file, without you needing to do anything. They are also notified automatically if a file is changed or updated.

Below are some mobile groups that have been created from a Windows Phone 7 mobile device:

5. Encrypted file shares: if you upload the file using any SMEStorage client you can choose to encrypt the file using AES-256 encryption, in which you keep the private key. SMEStorage does not store it. If you lose the key you will not be able to access the file. Once encrypted you can choose to share using any of the above mechanisms, but anyone clicking on the file link will need the password you chose when you encrypted the file. If you don’t provide this to them they will not be able to access the file.

The picture below shows the screen that is shown when a user tries to access an encrypted file.

Facebooktwitterredditpinterestlinkedinmailby feather
The following two tabs change content below.
The Leading Enterprise File Fabric

Latest posts by Storage Made Easy (see all)