If the S3 bucket is private, the objects will not be accessible for public. If anybody wants to acccess the object, we need to create an IAM user with required privileges.
But there is a way to grant temporary access to S3 object through a "pre-signed" url.
This article explains the command to enable "pre-signed" url for S3 objects using aws cli.
#aws s3 presign s3://BUCKET/OBJECT
Here we need replace BUCKET and OBJECT with the corresponding values. This command will print the pre-signed url for the mentioned S3 object.
Please note that the pre-signed url is valid for 1 hour by default.
The command have the option to specify custom expiry time.
#aws s3 presign s3://BUCKET/OBJECT --expires-in SECS
Here we need to replace SECS with the expiry time in seconds.