Parent: #109
Scope
Advanced / optional features. Lower priority — implement on-demand when concrete use cases arise.
Candidate Features
Presigned URLs
Generate time-limited signed URLs for client-side upload/download without exposing credentials:
def presigned_get_url(self, bucket, key, expires=3600) -> str: ...
def presigned_put_url(self, bucket, key, expires=3600) -> str: ...
TTL-aware cache reads
For the veilrender use case: embed stored_at timestamp in S3 object metadata and enforce cache_ttl on read, so L2 cache entries expire without relying on external S3 lifecycle policies:
# On put: metadata["x-amz-meta-stored-at"] = str(int(time.time()))
# On get: check stored_at + ttl vs now, treat expired as miss
Relates to: veilrender#21 review comment
Retry + backoff
Configurable retry with exponential backoff for transient S3 errors (5xx, network timeouts):
S3Client(..., max_retries=3, retry_backoff=0.5)
Bucket lifecycle policy management
def get_bucket_lifecycle(self, bucket) -> list[LifecycleRule]: ...
def set_bucket_lifecycle(self, bucket, rules: list[LifecycleRule]) -> None: ...
def delete_bucket_lifecycle(self, bucket) -> None: ...
Server-side encryption (SSE)
- SSE-S3 (
x-amz-server-side-encryption: AES256)
- SSE-KMS (
x-amz-server-side-encryption: aws:kms)
Object versioning
def get_bucket_versioning(self, bucket) -> str: ... # "Enabled" | "Suspended" | "Off"
def set_bucket_versioning(self, bucket, status: str) -> None: ...
def list_object_versions(self, bucket, prefix="") -> list[VersionInfo]: ...
Checksum / integrity
- Automatic MD5 / CRC32 verification on
put_object / get_object
x-amz-checksum-* header support (AWS SDK v3 style)
Connection pooling
Reuse HTTP connections across requests (keep-alive) for high-throughput scenarios.
Notes
- Most of these are straightforward extensions of the signing + HTTP plumbing built in Phase 1
- Presigned URLs and TTL-aware reads are the most likely to be needed near-term
Parent: #109
Scope
Advanced / optional features. Lower priority — implement on-demand when concrete use cases arise.
Candidate Features
Presigned URLs
Generate time-limited signed URLs for client-side upload/download without exposing credentials:
TTL-aware cache reads
For the veilrender use case: embed
stored_attimestamp in S3 object metadata and enforcecache_ttlon read, so L2 cache entries expire without relying on external S3 lifecycle policies:Relates to: veilrender#21 review comment
Retry + backoff
Configurable retry with exponential backoff for transient S3 errors (5xx, network timeouts):
Bucket lifecycle policy management
Server-side encryption (SSE)
x-amz-server-side-encryption: AES256)x-amz-server-side-encryption: aws:kms)Object versioning
Checksum / integrity
put_object/get_objectx-amz-checksum-*header support (AWS SDK v3 style)Connection pooling
Reuse HTTP connections across requests (keep-alive) for high-throughput scenarios.
Notes