This plugin will return a pre-signed URL used to allow temporary access to private objects with an expiring URL. You can optionally allow file downloads only for logged in users and force file downloads (useful for PDF files).
From the original developer, Jonathan Melville:
This plugin was originally developed for a client in the financial services industry who wanted to make sure only logged in users had access to downloads of financial reports, and download links couldn’t be shared. … Now you can keep your S3 objects private but grant temporary access to them with an expiring link.
As of June 24, 2020, all new AWS S3 buckets require Signature Version 4. Previously, this was only required for certain regions.
Upgrading the S3 plugin to the latest version (v3.x) will solve this issue and use Signature Version 4 by default.
# Require the plugin with composer
composer require kennethormandy/craft-s3securedownloads
# Install the plugin via the Control Panel, or by running:
./craft install/plugin s3securedownloadsPass in an asset's entry id and it will return a pre-signed URL for that asset:
{% set asset = entry.myAssetField.one() %}
<a href="{{ getSignedUrl(asset.id) }}">{{ asset }}</a>By default, only users logged in will be able to generate the pre-signed URL. This can be changed within the plugin settings.
The generated a pre-signed AWS S3 URL will expire after 24 hours, or however long you have configured in the plugin settings.
By default, the download will use the same filename as the Craft CMS asset. Alternatively, a custom filename can be passed to AWS instead. For example:
{% set asset = entry.myAssetField.one() %}
<a href="{{ getSignedUrl(asset.id, { filename: 'my-new-filename.png' }) }}">{{ asset }}</a>kennethormandy\s3securedownloads\services\SignUrlSignUrl::EVENT_BEFORE_SIGN_URLSignUrl::EVENT_AFTER_SIGN_URL
use Craft;
use yii\base\Event;
use kennethormandy\s3securedownloads\events\SignUrlEvent;
use kennethormandy\s3securedownloads\services\SignUrl;
// …
Event::on(
SignUrl::class,
SignUrl::EVENT_BEFORE_SIGN_URL,
function (SignUrlEvent $event) {
$asset = $event->asset;
Craft::info("Handle EVENT_BEFORE_SIGN_URL event here", __METHOD__);
}
);
Event::on(
SignUrl::class,
SignUrl::EVENT_AFTER_SIGN_URL,
function (SignUrlEvent $event) {
$asset = $event->asset;
Craft::info("Handle EVENT_AFTER_SIGN_URL event here", __METHOD__);
}
);S3 Secure Downloads is built for Craft v3.x. For a version that runs on Craft v2.5.x, see the original plugin. Note that as of June 24, 2020 all new AWS S3 buckets require URLs to be signed using Signature Version 4, and the original plugin (understandably) only signs URLs using Signature Version 2.
Copyright © 2016–2019 Jonathan Melville
Copyright © 2019–2020 Kenneth Ormandy Inc.