1 Answer
The credentials that the Lambda function is operating with are relatively short-lived - they may expire by the time the presigned URL is used. Hence it is better in this case to have long-lived credentials which are used for creating the URL - as you are doing now.
Isn't the current AWS policy to use role-based access control for Lambda? When I go to create a permanent IAM key it prompts me what the key will be used for - and if I select for accessing resources from within AWS then it recommends RBAC over a permanent IAM key.
Yes, you should absolutely use roles for Lambda functions - 100%. But in this case the presigned URL may outlive the lifetime of the Lambda function and (therefore) also the lifetime of the credentials. So you would create some long-lived credentials; store them securely (in Parameter Store for example); scope the permissions so that only the Lambda function has access to those permissions; and scope the permissions for the credentials so that they can only access the objects that you want the presigned URL to access.
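The lifetime mismatch discussed in this thread can be checked from the URL itself. The following is an added example, not part of the original thread: it reads the SigV4 query parameters of a presigned URL, reports whether it was signed with temporary credentials (an `X-Amz-Security-Token` is present), and computes when the URL actually stops working. The bucket name, key ID, signature and credential expiry time are constructed sample values, and the caller is assumed to know the session's expiry.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs


def effective_expiry(presigned_url, credential_expiry=None):
    """Return (temporary_creds, signature_expiry, effective_expiry) for a SigV4 URL.

    A URL signed with temporary credentials stops working when those
    credentials expire, even if X-Amz-Expires allows a longer lifetime.
    """
    query = parse_qs(urlsplit(presigned_url).query)
    params = {name.lower(): values[0] for name, values in query.items()}
    try:
        signed_at = datetime.strptime(
            params["x-amz-date"], "%Y%m%dT%H%M%SZ"
        ).replace(tzinfo=timezone.utc)
        lifetime = timedelta(seconds=int(params["x-amz-expires"]))
    except (KeyError, ValueError) as exc:
        raise ValueError("not a SigV4 presigned URL") from exc

    temporary = "x-amz-security-token" in params
    signature_expiry = signed_at + lifetime
    effective = signature_expiry
    if temporary and credential_expiry is not None:
        effective = min(signature_expiry, credential_expiry)
    return temporary, signature_expiry, effective


# Constructed sample URLs: signed 2024-01-01 12:00 UTC with a 7-day lifetime.
LONG_LIVED_URL = (
    "https://example-bucket.s3.amazonaws.com/report.pdf"
    "?X-Amz-Algorithm=AWS4-HMAC-SHA256"
    "&X-Amz-Credential=EXAMPLEKEYID%2F20240101%2Fus-east-1%2Fs3%2Faws4_request"
    "&X-Amz-Date=20240101T120000Z&X-Amz-Expires=604800"
    "&X-Amz-SignedHeaders=host&X-Amz-Signature=PLACEHOLDER"
)
# Same URL as a role session would sign it: a session token is appended.
TEMP_URL = LONG_LIVED_URL + "&X-Amz-Security-Token=PLACEHOLDER"
# Assumed expiry of the role session, one hour after signing (constructed).
SESSION_EXPIRY = datetime(2024, 1, 1, 13, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    for label, url in (("long-lived", LONG_LIVED_URL), ("temporary", TEMP_URL)):
        temp, sig_exp, eff = effective_expiry(url, SESSION_EXPIRY)
        print(f"{label}: temporary={temp} signed_until={sig_exp} usable_until={eff}")
```
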