github.com/treeverse/lakefs@v1.24.1-0.20240520134607-95648127bfb0/docs/reference/security/presigned-url.md

github.com/treeverse/lakefs@v1.24.1-0.20240520134607-95648127bfb0/docs/reference/security/presigned-url.md (about)

     1  ---
     2  title: Presigned URL
     3  description: Configuring lakeFS to use presigned URLs
     4  grand_parent: Reference
     5  parent: Security
     6  redirect_from:
     7    - /reference/presigned-url.html
     8  ---
     9  
    10  # Configuring lakeFS to use presigned URLs
    11  
    12  {% include toc_2-3.html %}
    13  
    14  With lakeFS, you can access data directly from the storage and not through lakeFS using a presigned URL.
    15  Based on the user's access to an object in the object store, the presigned URL will get read or write access.
    16  The presign support is enabled for block adapter that supports it (S3, GCP, Azure), and can be disabled by the [configuration]({% link reference/configuration.md %}) (`blockstore.<blockstore_type>.disable_pre_signed`). Note that the UI support is disabled by default.
    17  
    18  ## Using presigned URLs in the UI
    19  For using presigned URLs in the UI:
    20  1. Enable the presigned URL support UI in the lakeFS [configuration]({% link reference/configuration.md %}) (`blockstore.<blockstore_type>.disable_pre_signed_ui`   ).
    21  2. Add CORS (Cross-Origin Resource Sharing) permissions to the bucket for the UI to fetch objects using a presigned URL (instead of through lakeFS).
    22  3. The `blockstore.<blockstore_type>.disable_pre_signed` must be false to enable it in the UI.
    23  
    24  **⚠️ Note** Currently DuckDB fetching data from lakeFS does not support fetching data using presigned URL.
    25  
    26  ### Example: [AWS S3](https://docs.aws.amazon.com/AmazonS3/latest/userguide/enabling-cors-examples.html)
    27  
    28  ```json
    29    [
    30      {
    31          "AllowedHeaders": [
    32              "*"
    33          ],
    34          "AllowedMethods": [
    35              "GET",
    36              "PUT",
    37              "HEAD"
    38          ],
    39          "AllowedOrigins": [
    40              "lakefs.endpoint"
    41          ],
    42          "ExposeHeaders": [
    43              "ETag"
    44          ]
    45      }
    46    ]
    47  ```
    48  
    49  
    50  ### Example: [Google Storage](https://cloud.google.com/storage/docs/using-cors)
    51  
    52  ```json
    53    [
    54      {
    55          "origin": ["lakefs.endpoint"],
    56          "responseHeader": ["ETag"],
    57          "method": ["PUT", "GET", "HEAD"],
    58          "maxAgeSeconds": 3600
    59      }
    60     ]
    61  ```
    62  
    63  
    64  ### Example: [Azure blob storage](https://learn.microsoft.com/en-us/rest/api/storageservices/cross-origin-resource-sharing--cors--support-for-the-azure-storage-services)
    65  
    66  ```xml
    67    <Cors>
    68        <CorsRule>  
    69            <AllowedOrigins>lakefs.endpoint</AllowedOrigins>  
    70            <AllowedMethods>PUT,GET,HEAD</AllowedMethods>  
    71            <AllowedHeaders>*</AllowedHeaders>  
    72            <ExposedHeaders>ETag,x-ms-*</ExposedHeaders>  
    73            <MaxAgeInSeconds>3600</MaxAgeInSeconds>  
    74        </CorsRule>  
    75    </Cors>
    76  ```
    77