S3 has a feature which allows you to generate signed URLs which are valid only for a predefined period of time. This makes it much safer to distribute URLs via email/slack etc..


  1. Find the object in the S3 console and note the bucket name and object path.
  2. Ensure your AWS credentials are loaded into your environment.
  3. Use the AWS CLI to create a pre-signed URL:
    # TTL is the number of seconds until the URL expires.
    # - 86400:   24 hours
    # - 604800:  7 days
    # - 2592000: 30 days
    aws s3 presign s3://${BUCKET}/${OBJECT} --expires-in ${TTL}
  4. Send the resulting URL to the intended recipient (ensure you include a note about its expiration). The link should look something like this: