25.2.2. Using Pre-Signed URLs
For this configuration, create a publically readable bucket in S3 by setting the List permissions to Everyone to allow public read access. Each node in the cluster generates a pre-signed URL for put and delete operations, as required by the
S3_PING
protocol. This URL points to a unique file and can include a folder path within the bucket.
Note
Longer paths will cause errors in
S3_PING
. For example, a path such as my_bucket/DemoCluster/node1
works while a longer path such as my_bucket/Demo/Cluster/node1
will not.
25.2.2.1. Generating Pre-Signed URLs
JGroup's
S3_PING
class includes a utility method to generate pre-signed URLs. The last argument for this method is the time when the URL expires expressed in the number of seconds since the Unix epoch (January 1, 1970).
The syntax to generate a pre-signed URL is as follows:
String Url = S3_PING.generatePreSignedUrl("{access_key}", "{secret_access_key}", "{operation}", "{bucket_name}", "{path}", {seconds});
- Replace {operation} with either
PUT
orDELETE
. - Replace {access_key} with the user's access key.
- Replace {secret_access_key} with the user's secret access key.
- Replace {bucket_name} with the name of the bucket.
- Replace {path} with the desired path to the file within the bucket.
- Replace {seconds} with the number of seconds since the Unix epoch (January 1, 1970) that the path remains valid.
Example 25.2. Generate a Pre-Signed URL
String putUrl = S3_PING.generatePreSignedUrl("access_key", "secret_access_key", "put", "my_bucket", "DemoCluster/node1", 1234567890);
Ensure that the
S3_PING
configuration includes the pre_signed_put_url
and pre_signed_delete_url
properties generated by the call to S3_PING.generatePreSignedUrl()
. This configuration is more secure than one using private S3 buckets, because the AWS credentials are not stored on each node in the cluster
Note
If a pre-signed URL is entered into an XML file, then the
&
characters in the URL must be replaced with its XML entity (&
).