Module Awskit_s3.Presigned

Standalone S3 presigned request generation.

type addressing_style = Endpoint_config.addressing_style

S3 bucket addressing style used when building the presigned request.

type endpoint_variant = Endpoint_config.endpoint_variant

AWS S3 endpoint variant.

type method_ = [
  1. | `GET
  2. | `PUT
  3. | `HEAD
  4. | `DELETE
]

HTTP method a caller must use with the generated request.

type result

Opaque generated presigned request artifact.

Presigned URLs are bearer tokens. The raw URL is intentionally hidden behind reveal_url; use safe_uri, method_, signed_headers, request_headers, and the expiry accessors for logs, diagnostics, and user-facing output. Consumers that execute the request must use reveal_url, method_, and all request_headers exactly as returned.

val method_ : result -> method_

HTTP method the caller must use.

val safe_uri : result -> Uri.t

Documentation/log-safe URI with SigV4 bearer query parameters removed.

Operation query parameters such as response overrides, versionId, partNumber, and uploadId are preserved.

val signed_headers : result -> (string * string) list

All canonical headers that were part of the signature, including host.

Do not log header values unless the caller has made an explicit application-level decision that they are safe.

val request_headers : result -> (string * string) list

Signed headers the caller must explicitly send with the eventual request.

The host header is omitted because it is derived from the revealed URL's authority and is normally set by the HTTP client. Do not log header values unless the caller has made an explicit application-level decision that they are safe.

val requested_expires_in : result -> Ptime.Span.t

Lifetime requested by the caller, or the default when omitted.

val effective_expires_in : result -> Ptime.Span.t

Lifetime actually signed into the bearer URL.

This is capped by temporary credential expiration when credentials expire before the requested lifetime.

val expires_at : result -> Ptime.t option

Absolute expiration timestamp for the effective lifetime.

val reveal_url : result -> string

Return the fully signed bearer URL.

This includes SigV4 credential, signature, and session-token material and should only be handed to the component that will execute the presigned request. Do not print or log it by default.

val pp : Stdlib.Format.formatter -> result -> unit

Safe pretty-printer that omits the raw bearer URL, SigV4 credential, signature, session token, and signed header values.

module Put_object : sig ... end
module Get_object : sig ... end
module Head_object : sig ... end
module Upload_part : sig ... end
module Delete_object : sig ... end
type endpoint_config = Endpoint_resolver.t

Reusable endpoint configuration for callers generating many URLs.

val endpoint_config : ?addressing_style:addressing_style -> ?endpoint_variant:endpoint_variant -> unit -> endpoint_config

Build AWS endpoint configuration for presigning.

Use Awskit_s3.Endpoint_config.s3_compatible, Awskit_s3.Endpoint_config.local_plaintext, or Awskit_s3.Endpoint_config.unsafe_plaintext for explicit non-AWS endpoints before calling the _with_endpoint_config functions.

val get_object : region:string -> credentials:Awskit.Credentials.t -> now:Ptime.t -> ?addressing_style:addressing_style -> ?endpoint_variant:endpoint_variant -> bucket:Bucket_name.t -> key:Object_key.t -> ?options:Get_object.options -> unit -> (result, Awskit.Error.t) Stdlib.result

Generate a presigned GET Object request artifact.

val put_object : region:string -> credentials:Awskit.Credentials.t -> now:Ptime.t -> ?addressing_style:addressing_style -> ?endpoint_variant:endpoint_variant -> bucket:Bucket_name.t -> key:Object_key.t -> ?options:Put_object.options -> unit -> (result, Awskit.Error.t) Stdlib.result

Generate a presigned PUT Object request artifact. Headers represented by options, such as content type or checksum, must be sent by the eventual uploader.

val head_object : region:string -> credentials:Awskit.Credentials.t -> now:Ptime.t -> ?addressing_style:addressing_style -> ?endpoint_variant:endpoint_variant -> bucket:Bucket_name.t -> key:Object_key.t -> ?options:Head_object.options -> unit -> (result, Awskit.Error.t) Stdlib.result

Generate a presigned HEAD Object request artifact.

val delete_object : region:string -> credentials:Awskit.Credentials.t -> now:Ptime.t -> ?addressing_style:addressing_style -> ?endpoint_variant:endpoint_variant -> bucket:Bucket_name.t -> key:Object_key.t -> ?options:Delete_object.options -> unit -> (result, Awskit.Error.t) Stdlib.result

Generate a presigned DELETE Object request artifact.

val upload_part : region:string -> credentials:Awskit.Credentials.t -> now:Ptime.t -> ?addressing_style:addressing_style -> ?endpoint_variant:endpoint_variant -> upload:_ Multipart.Upload.t -> part_number:Multipart.Part_number.t -> ?options:Upload_part.options -> unit -> (result, Awskit.Error.t) Stdlib.result

Generate a presigned UploadPart request artifact for one multipart part number.

val get_object_with_endpoint_config : region:Awskit.Region.t -> credentials:Awskit.Credentials.t -> now:Ptime.t -> endpoint_config:endpoint_config -> bucket:Bucket_name.t -> key:Object_key.t -> ?options:Get_object.options -> unit -> (result, Awskit.Error.t) Stdlib.result

Like get_object, using a prebuilt endpoint configuration.

val put_object_with_endpoint_config : region:Awskit.Region.t -> credentials:Awskit.Credentials.t -> now:Ptime.t -> endpoint_config:endpoint_config -> bucket:Bucket_name.t -> key:Object_key.t -> ?options:Put_object.options -> unit -> (result, Awskit.Error.t) Stdlib.result

Like put_object, using a prebuilt endpoint configuration.

val head_object_with_endpoint_config : region:Awskit.Region.t -> credentials:Awskit.Credentials.t -> now:Ptime.t -> endpoint_config:endpoint_config -> bucket:Bucket_name.t -> key:Object_key.t -> ?options:Head_object.options -> unit -> (result, Awskit.Error.t) Stdlib.result

Like head_object, using a prebuilt endpoint configuration.

val delete_object_with_endpoint_config : region:Awskit.Region.t -> credentials:Awskit.Credentials.t -> now:Ptime.t -> endpoint_config:endpoint_config -> bucket:Bucket_name.t -> key:Object_key.t -> ?options:Delete_object.options -> unit -> (result, Awskit.Error.t) Stdlib.result

Like delete_object, using a prebuilt endpoint configuration.

val upload_part_with_endpoint_config : region:Awskit.Region.t -> credentials:Awskit.Credentials.t -> now:Ptime.t -> endpoint_config:endpoint_config -> upload:_ Multipart.Upload.t -> part_number:Multipart.Part_number.t -> ?options:Upload_part.options -> unit -> (result, Awskit.Error.t) Stdlib.result

Like upload_part, using a prebuilt endpoint configuration.