Generate S3 Presigned URL with 7 Day Expiry via Lambda
Trying to find a way to generate a presigned URL via Lambda to get an S3 object. Need to be able to set the expiry for up to 10 days. I see that it is possible to do this via SDK using the signature v4 signing process, but don't believe that this can be done via Lambda. Is this possible?
- 最新
- 投票最多
- 评论最多
This can be accomplished using Lambda up to a maximum of 7 days. 10 days is beyond the maximum valid expiration period for any pre-signed url scenario using Sig V4. To have a pre-signed URL be valid for the entire 7 days you need to use valid credentials for an IAM User to generate the URL. To do this in Lamdba you'd need to give the Lambda access to long-lived IAM User credentials and and use them to generate the pre-signed URL w/ Sig v4.
You could do this with encrypted ENV Variables or Secrets Manager for example. Then configure your lambda to use these credentials, and not a the Lambda's execution role credentials when generating the pre-signed urls.
This is related to a topic located here: https://repost.aws/questions/QUN4e24VL5QM6ygP99mEydUA/generate-presigned-url-for-s-3-object-lambda.
To see an updated guide for how to build presigned URLs and set the expiration date, this guide is pretty helpful: https://howtocloud.io/generate-s3-presigned-urls-with-boto3/.
相关内容
AWS 官方已更新 2 年前
