By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

S3 Presigned Get Object Request with encryption

0

Is it possible to generate a presigned URL to get an encrypted ( with customer provided key ) object in an S3 bucket ? If it were possible, would this this URL be usable in a browser ?

Topics
Storage
Tags
Amazon Simple Storage ServiceStoragepresigned URLEncryption
Language
English
rePost-User-6126995
asked 2 years ago1755 views
2 Answers
0

Simple answer, yes and no.

S3 pre-signed URL is just an S3 URL on behalf of the signing entity.

So if the signing entity has permission to read the encrypted S3 object, anyone with that pre-signed URL will have the same permission over that object within the valid time period.

However, because SSE-C requires specific HTTP headers, it may not be usable in a browser (https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html#ssec-and-presignedurl)

RichardFan
answered 2 years ago
0

Hello, so your mean we must use something like axios to send request URL to s3 with specific HTTP headers right? But if use aws-sdk package do we need add headers too?

rePost-User-8207723
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content