1 Answer
- Newest
- Most votes
- Most comments
3
This is covered in the documentation:
To create a presigned URL that's valid for up to 7 days, first delegate IAM user credentials (the access key and secret key) to the method you're using to create the presigned URL.
If you are going to create an IAM user with long-lived credentials I'd strongly recommend storing those credentials somewhere that you can limit access to (Secrets Manager or Parameter Store are a good start); and scope the credentials down so that they can only perform the S3 operation(s) that the presigned URL will be created for.
Relevant content
- asked 6 months ago
- Accepted Answerasked 2 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 20 days ago
- AWS OFFICIALUpdated 11 days ago
- AWS OFFICIALUpdated a year ago
So an IAM user is the only way to go about this? Otherwise it's limited to 12 hours?
Yes, or whatever shorter time the generating credentials are scoped to.