This is how I am generating pre-signed url for an S3 object from my python script.
s3client = boto3.client("s3")
url = s3client.generate_presigned_url("get_object", Params={"Bucket": args.bucket, "Key": dated_filename}, ExpiresIn=86400)
where I am giving an expiry of 24 hours.
When I try to download the file immediately using the url from a browser, it works. But it doesn't work if I try to download it, say after 10-12 hours (I don't know the exact time after which it starts failing).
This is the error I am getting.
<Code>ExpiredToken</Code>
<Message>The provided token has expired.</Message>
Not sure if it is a bug or I am not doing it the right way. Any help would be appreciated.
If you created a presigned URL using a temporary token, then the URL expires when the token expires. The URL expires even if the URL was created with a later expiration time.
Using the S3 console In the Amazon S3 console, the maximum expiration time for a presigned URL is 12 hours from the time of creation.
During this time, based on their expiration dates, any object found to be expired will be queued for removal. You will not be billed for any associated storage for those objects on or after their expiration date. If server access logging has been enabled for that S3 bucket, an S3. EXPIRE.
Are you running under an IAM role? A presigned URL is only valid as long as the session key that was used when generating it. If you are authenticating as an IAM user with long-lived access keys, this is not a problem. But IAM roles use temporary access keys that cycle every 36 hours.
You know your session key has expired because you are getting the "The provided token has expired." error, which (as noted above) is a different error message than "Request has expired " which you get when the presigned URL reached its expiration date.
Also, presigned URLs have a hard limit of 7 days - but that doesn't seem to be your problem.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With