By using AWS re:Post, you agree to the Terms of Use

Generate S3 Presigned URL with 7 Day Expiry via Lambda


Trying to find a way to generate a presigned URL via Lambda to get an S3 object. Need to be able to set the expiry for up to 10 days. I see that it is possible to do this via SDK using the signature v4 signing process, but don't believe that this can be done via Lambda. Is this possible?

2 Answers
Accepted Answer

This can be accomplished using Lambda up to a maximum of 7 days. 10 days is beyond the maximum valid expiration period for any pre-signed url scenario using Sig V4. To have a pre-signed URL be valid for the entire 7 days you need to use valid credentials for an IAM User to generate the URL. To do this in Lamdba you'd need to give the Lambda access to long-lived IAM User credentials and and use them to generate the pre-signed URL w/ Sig v4.

You could do this with encrypted ENV Variables or Secrets Manager for example. Then configure your lambda to use these credentials, and not a the Lambda's execution role credentials when generating the pre-signed urls.

answered 2 years ago

This is related to a topic located here:

To see an updated guide for how to build presigned URLs and set the expiration date, this guide is pretty helpful:

answered 9 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions