S3: No presigned URLs for private buckets in Strapi v4.9.0


I tried to implement the new private s3 bucket support, which uploads my files as expected to an S3 Bucket at Scaleway. But when I want to access it, I do not get a presigned URL, which is why I can’t access the files.

The image is uploaded via the Strapi Admin Interface and the Thumbnail is broken, because the there is no public permission to access this files. Also, in the API response, there is no presigned URL.

How can I achieve that I get the presigned URLs via API and via the Admin panel?

Creating / deleting files works as expected via the Media Library. But accessing it is broken. Do you have any ideas? I am using the official aws-s3 plugin at the latest version.

upload: {
    config: {
      provider: "aws-s3",
      providerOptions: {
        s3Options: {
          accessKeyId: env("S3_ACCESS_KEY_ID"),
          secretAccessKey: env("S3_ACCESS_SECRET"),
          endpoint: env("S3_ENDPOINT"),
          params: {
            ACL: "private",
            signedUrlExpires: env("S3_SIGNED_URL_EXPIRES", 60 * 60 * 24 * 7),
            Bucket: env("S3_BUCKET"),


The files are in the bucket.

System Information
  • Strapi Version: 4.9.0
  • Operating System: macOS 13.3
  • Database: sqlite
  • Node Version: v18.13.0
  • NPM Version: 8.19.3
  • Yarn Version: 1.22.19

I’m facing the same problem also with Bunny net. The urls for the thumbnails are broken.

Found the problem. I switched to a new bucket, where I wanted to test the encryption, but forgot to add it to the strapi::security directives. Here is the line in the official README: strapi/README.md at 28d82d333320d119ff5a3c6fae49d1d828e9bcb8 · strapi/strapi · GitHub

But this works only for the Media Library. All other references are still without the presigned URLs.

1 Like

I confirm seeing the same issue. Media preview and linked admin content are showing presigned urls but when you hit /api/something?populate=* you will get bare unsigned urls which defeat the purpose of private buckets.

A discord thread is still active here Discord

Please fix asap, Strapi team. Thank you!

any update or solution on the presigned urls on content side?
Works fine in admin area but as you wrote, exposing the bare, unsigned urls makes no sense on a private bucket.

Thanks for any feedback.

1 Like