Extend s3 pre-signed url expiry

0

I have a lambda that generates the S3 presigned download URL and send back the presigned URL. These presigned URLs expire after 12 hours, assuming this is due to the expiry of temporary authenticaton tokens (I have set presign expiry to 7 days). Wondering how I can increase this 12 hours to 24 hours. Ref - https://repost.aws/knowledge-center/presigned-url-s3-bucket-expiration

This is how I'm creating the s3 client in go.

    awsSession := session.Must(
        session.NewSessionWithOptions(
            session.Options{
                Config:             aws.Config{Region: aws.String("us-west-2")},
                AssumeRoleDuration: sessionExpiry,
            },
        ),
    )
    return &s3Client{
        client: s3.New(awsSession),
    }
已提问 1 年前1995 查看次数
2 回答
0

The presigned URL uses the permissions granted by the credentials that is was created with. So if those credentials expire in (say) two hours and your pre-signed URL is set to 7 days the pre-signed URL will not work after two hours because the credentials have expired.

In this case you will need to have a set of credentials that expire after your pre-signed URL does. One way to do this is to create an IAM user that only has the S3 permissions that you require; store those credentials in ParameterStore; ensure that only the Lambda function can access the credentials; and then use those credentials in your Lambda function to generate the pre-signed URL.

profile pictureAWS
专家
已回答 1 年前

您未登录。 登录 发布回答。

一个好的回答可以清楚地解答问题和提供建设性反馈,并能促进提问者的职业发展。

回答问题的准则