By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

What will be the expiry limit for signed URLs generated using lambdas?

0

I have setup a new lambda function to generate signed URLs for the objects in a private bucket

The URL generation works fine and the generated URL is also accessible. However I am not sure about the exact duration of the URL's expiry

The execution role associated with the lambda function is currently being used to generate the URL and it has s3:GetObject action included in the policy statement and the execution role has a maximum session duration of 1 Hour. I have set the expiry duration to 7 days within the function's code

I am a bit confused here on which duration will take effect for the signed URL. Whether it will be the provided duration of 7 days or the shot-lived session duration of the lambda execution role?

Topics
ServerlessComputeSecurity, Identity, & ComplianceStorage
Tags
AWS LambdaIAM Policiespresigned URL
Language
English
Neel
asked 3 months ago228 views
1 Answer
2

It will be 1 hour when using temporary credentials such as the role of the lambda function. It’s recommended if you need up to 7 days is to create an IAM user and have your lambda function use IAM keys under the user to create a pre signed url. If you want to set the duration up to a maximum of 7 days.

I think it’s a poor design but the only way it works.

profile picture
EXPERT
Gary Mclean
answered 3 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content