By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Granting access to specific S3 files for a few days

0

We have files stored in an S3 bucket which we want to programatically grant time-limited access to. Historically, we've used S3 pre-signed URLs for this; however, we've recently moved to using IAM instance roles rather than IAM users and so the maximum duration on these pres-signed URLs is 6 hours.

One option is to put this bucket behind a Cloudfront distribution and use Cloudfront signed URLs; however, this seems to require managing private keys and distributing them to each server (and not, say, using KMS). This seems more complicated and potentially error-prone than S3 pre-signed URLs. As these URLs will only be distributed internally, we wouldn't gain much from Cloudfront's caching etc.

We could also use S3 Object Lambda or proxy the object inside our application; however, these both require writing custom code.

Are there any good alternative solutions for our use case?

Topics
StorageNetworking & Content Delivery
Tags
Amazon Simple Storage ServiceStorageAmazon CloudFront
Language
English
or-wwn
asked a month ago254 views
1 Answer
0

AWS S3 Access Grant gives you temporary access through CLI for S3: https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-grants.html

Here is the FAQ that provides more information: https://aws.amazon.com/s3/faqs/#:~:text=Analyzer%20documentation.-,S3%20Access%20Grants,-Q%3A%C2%A0What%20are

AWS
vtjean
answered a month ago
profile picture
EXPERT
Giovanni Lauria
reviewed a month ago
  • or-wwn
    a month ago

    Thanks - I didn't know about Access Grant! Unfortuantely I don't think it quite works for us as many of the staff accessing these files will be non-technical, so at that point we'd have to proxy the files through a lambda/website (at which point we might as well just do the authentication there).

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content