Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

What will be the expiry limit for signed URLs generated using lambdas?

0

I have setup a new lambda function to generate signed URLs for the objects in a private bucket

The URL generation works fine and the generated URL is also accessible. However I am not sure about the exact duration of the URL's expiry

The execution role associated with the lambda function is currently being used to generate the URL and it has s3:GetObject action included in the policy statement and the execution role has a maximum session duration of 1 Hour. I have set the expiry duration to 7 days within the function's code

I am a bit confused here on which duration will take effect for the signed URL. Whether it will be the provided duration of 7 days or the shot-lived session duration of the lambda execution role?

Themen
ServerlosKalkulationSicherheit, Identität & KonformitätSpeicher
Tags
AWS LambdaIAM-Richtlinienvorsignierte URL
Sprache
English
Neel
gefragt vor 4 Monaten250 Aufrufe
1 Antwort
2

It will be 1 hour when using temporary credentials such as the role of the lambda function. It’s recommended if you need up to 7 days is to create an IAM user and have your lambda function use IAM keys under the user to create a pre signed url. If you want to set the duration up to a maximum of 7 days.

I think it’s a poor design but the only way it works.

profile picture
EXPERTE
Gary Mclean
beantwortet vor 4 Monaten

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt