A simple service that pre-signs S3 URLs.
When combined with access controls, this service can provide access to private resources in S3 to clients without those clients being S3-aware. For a simple example, suppose that we had a yum repository stored in a private S3 bucket. Instead of making all our servers S3-aware, we could point all of our servers to this gateway and use a firewall to ensure that only approved servers can access the objects in our yum repo.
This gateway is intended to be deployed with a proxy server or firewall that controls access to this service.
Set AWS_ACCESS_KEY_ID
and AWS_SECRET_ACCESS_KEY
environment variables or
put them into ~/.aws/credentials
. Set AWS_REGION
.
Run s3gateway BUCKET
to start the service on port 8080.
Request localhost:8080/some-key-in-bucket and the service will redirect you to a pre-signed URL for the requested key in the specified bucket.