Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

S3 Presigned Get Object Request with encryption

0

Is it possible to generate a presigned URL to get an encrypted ( with customer provided key ) object in an S3 bucket ? If it were possible, would this this URL be usable in a browser ?

Themen
Speicher
Tags
Amazon Simple Storage ServiceSpeichervorsignierte URLVerschlüsselung
Sprache
English
rePost-User-6126995
gefragt vor 2 Jahren1769 Aufrufe
2 Antworten
0

Simple answer, yes and no.

S3 pre-signed URL is just an S3 URL on behalf of the signing entity.

So if the signing entity has permission to read the encrypted S3 object, anyone with that pre-signed URL will have the same permission over that object within the valid time period.

However, because SSE-C requires specific HTTP headers, it may not be usable in a browser (https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html#ssec-and-presignedurl)

RichardFan
beantwortet vor 2 Jahren
0

Hello, so your mean we must use something like axios to send request URL to s3 with specific HTTP headers right? But if use aws-sdk package do we need add headers too?

rePost-User-8207723
beantwortet vor 2 Jahren

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt