Extend s3 pre-signed url expiry

Question

I have a lambda that generates the S3 presigned download URL and send back the presigned URL. These presigned URLs expire after 12 hours, assuming this is due to the expiry of temporary authenticaton tokens (I have set presign expiry to 7 days). Wondering how I can increase this 12 hours to 24 hours.
Ref - https://repost.aws/knowledge-center/presigned-url-s3-bucket-expiration

This is how I'm creating the s3 client in go.

```
    awsSession := session.Must(
        session.NewSessionWithOptions(
            session.Options{
                Config:             aws.Config{Region: aws.String("us-west-2")},
                AssumeRoleDuration: sessionExpiry,
            },
        ),
    )
    return &s3Client{
        client: s3.New(awsSession),
    }
```

Answer

Similar answer here: https://repost.aws/questions/QUd6IcnCLtQ6aN7Nd43TBUag/generate-s-3-presigned-url-with-7-day-expiry-via-lambda

Answer

The presigned URL uses the permissions granted by the credentials that is was created with. So if those credentials expire in (say) two hours and your pre-signed URL is set to 7 days the pre-signed URL will not work after two hours because the credentials have expired.

In this case you will need to have a set of credentials that expire after your pre-signed URL does. One way to do this is to create an IAM user that only has the S3 permissions that you require; store those credentials in ParameterStore; ensure that only the Lambda function can access the credentials; and then use those credentials in your Lambda function to generate the pre-signed URL.

Extend s3 pre-signed url expiry

相關內容