Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

AWS S3 presigned URL contains X-Amz-Security-Token

I am trying to create a presigned URL for a file in my S3 bucket using go sdk.

When I run the program from command line, I get the presigned URL which doesn't contain the X-Amz-Security-Token.

But if I use the same code from a lambda function, I always get the X-Amz-Security-Token in the URL.

I am not sure why this behaviour is different.

Here is the code -

func CreatePreSignedURL(bucketName string, path string) (string, error) {

    sess, err := session.NewSession(&aws.Config{
        Region: aws.String("us-east-1")},
    )

    svc := s3.New(sess)

    req, _ := svc.GetObjectRequest(&s3.GetObjectInput{
        Bucket: aws.String(bucketName),
        Key:    aws.String(path),
    })

    urlStr, err := req.Presign(60 * time.Minute)

    if err != nil {
        fmt.Println("error in generarting presigned URL is ", err)
        return urlStr, err
    }

    return urlStr, nil
}

The URL generated by lambda is quite long, for my application I am expecting a shorter URL without X-Amz-Security-Token

like image 303
Dattatray Avatar asked Feb 22 '19 10:02

Dattatray


1 Answers

When the function is run in your command line, it generates pre-signed URLS with IAM credentials possibly stored in environment variables or in ~/.aws/config.

Temporary credentials are assigned for the IAM role associated 1 with the function when invoked in AWS Lambda environment.

AWS necessitates that requests made with temporary credentials include x-amz-security-token header. 2

I don't find the length of the URL to be an issue here.

If you like to keep a consistent behavior locally and in the Lambda function environment, an easy way to go is to set the AWS credentials in the environment of the Lambda function.

like image 161
Oluwafemi Sule Avatar answered Sep 25 '22 10:09

Oluwafemi Sule