Amazon S3 is an extremely popular object storage service. You can store and retrieve any amount and type of data in it. It provides highly available and redundant object storage suitable for static or slow-changing objects, such as images, videos, or static media in general.
Objects in S3 get stored and organized through the use of “buckets.” Each bucket is a logical separation of data in S3 and can be used to upload or download data from anywhere on the web.
Here again, we can choose one of the two major approaches for access control: resource-based policies and identity-based policies. As far as resource-based policies are concerned, there are several additional options for S3: you can use bucket policies and bucket or object ACLs.
Another way to share an object with a user outside your AWS organization without having to set up AWS credentials or IAM permissions, is to use Signed URLs. These are pre-signed URLs that grant limited permission to an object to the outside world. All you have to do is create a policy statement in JSON format and configure the period of time that the signed URL will be valid.
You can then send the URL to the parties you want to share the object with and you’re done:
<https://s3.eu-west-1.amazonaws.com/abc/sharedfile.txt?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIA3S>...