How to generate non-expiring signed URLs
High Level Overview
Amazon S3 has a maximum signature expiry of 7 days. In order to upload signed URLs to Labelbox that don’t expire, we recommend proxying URLs through an endpoint on your server.
In the example below, we will be showing a method of proxying through a simple flask app. We’ve provided a one-click deploy through Heroku but you could also host or build this simple handler into your existing web service.
We will… 1. Deploy a proxy endpoint: This endpoint will accept a signed URL with our JWT secret and will return a new signed s3 URL to an asset. 2. Generate Signed URLs Pointing at our Proxy: For each asset in our s3 bucket will generate a signed URL with our JWT secret that points to our server endpoint.
1. Deploy a proxy endpoint
First, you’ll need to get IAM information to be able to create pre-signed URLs… - AWS_ACCESS_KEY_ID - AWS_SECRET_ACCESS_KEY - a bucket name
Make sure this IAM user can LIST and GET files in the bucket.
Check out the example proxy we made, https://github.com/Labelbox/signed-url-example. You can deploy it with one click here…
2. Generate Signed URLs Pointing at our Proxy
- From Heroku, get the host URL of your new app by “open app”
- And then, get the generated secret (settings > reveal config vars)
git clone https://github.com/Labelbox/generate-tokenized-urls
// confirm you have node.js installed
Then you can upload
labelbox-import.json to Labelbox and you’re good to go.