Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

AWS S3 createPresignedPost vs getSignedUrl. Which one should I use for uploading various files from client side?

Tags:

file-upload

amazon-web-services

amazon-s3

aws-sdk

On S3 document, there is createPresignedPost and getSignedUrl.

On getSignedUrl:

Note: Not all operation parameters are supported when using pre-signed URLs. Certain parameters, such as SSECustomerKey, ACL, Expires, ContentLength, or Tagging must be provided as headers when sending a request. If you are using pre-signed URLs to upload from a browser and need to use these fields, see createPresignedPost().

Is createPresignedPost simply more customizable version of getSignedUrl? Is it doing the same thing underneath?

like image 971
Joon Avatar asked Oct 04 '18 22:10

Joon

People also ask

What is the main advantage to a pre-signed URL?

A presigned URL gives you access to the object identified in the URL, provided that the creator of the presigned URL has permissions to access that object.

When should I use Presigned URL S3?

Pre-signed URLs are used to provide short-term access to a private object in your S3 bucket. They work by appending an AWS Access Key, expiration time, and Sigv4 signature as query parameters to the S3 object. There are two common use cases when you may want to use them: Simple, occasional sharing of private files.

What is the difference between put and post in AWS S3?

POST is an alternate form of PUT that enables browser-based uploads as a way of putting objects in buckets. Parameters that are passed to PUT through HTTP Headers are instead passed as form fields to POST in the multipart/form-data encoded message body.

Are pre-signed URL safe?

Anyone can use a valid presigned URL Just to make sure this is clear: if you generate a presigned URL anyone can use this, the user generating this link could use it to phish another user and let them upload an arbitrary file. So be sure you threat model properly your feature to avoid logic vulnerabilities.

1 Answers

If you want to restrict users from uploading files beyond certain size, you should be using createPresigendPost, and specify ContentLength

with getSignedUrl, there is no restricting object size and user can potentially upload a 5TB object (current object limit) to s3

Note that if you can specify ContentLength in params when calling getSignedUrl('putObject',params, callback) you will be thrown 

Presigning post data encountered an error { UnexpectedParameter: ContentLength is not supported in pre-signed URLs.

There is an issue on this subject

like image 72
kwalski Avatar answered Sep 21 '22 06:09

kwalski
Sign in to Comment

Related questions

How can I run Rails background jobs on AWS Elastic Beanstalk?
How to pass Cognito token to Amazon API Gateway?
How to route between two subnets in an AWS VPC w/ Terraform?
Alexa skill SSML max length
How to Launch Spark 2.0 on EC2
AWS API Gateway returns a 403 with x-amzn-ErrorType:AccessDeniedException header
AWS Elastic Beanstalk: How to use environment variables in ebextensions?
How to add encryption to boto3.s3.transfer.TransferConfig for s3 file upload
Backend and Frontend on same port
Amazon Elastic Block Store and EC2 drive
aws cli lambda `update-function-configuration` deletes existing environment variables
S3 Presigned URL Multiple Content Disposition Headers
PostgreSQL on Elastic Beanstalk (Amazon Linux 2)
how to get all instances with a tag under my amazon account using aws java sdk
In Apache Spark. How to set worker/executor's environment variables?
AWS CLI moving file with wildcard (asterisk) in path
AWS-CloudWatch: InvalidSequenceTokenException
Using AWS Certificate Manager (ACM Certificate) with Elastic Beanstalk
Single Page Application in AWS CloudFront
Define tags in central section in TerraForm

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!