Menu
I am generating a pre-signed link using the java sdk for a client. We have new requirements to allow the links to remain active for at least 30 days. When I set the expiration longer I get the below error:
Requests that are pre-signed by SigV4 algorithm are valid for at most 7 days
I need to determine a way around this as the client cannot accept updates to the links (say, if I just auto-generated updates weekly). Is there a way around this? Can I pass a given set of read-only creds maybe?
597
In the Amazon S3 console, the maximum expiration time for a presigned URL is 12 hours from the time of creation.
The maximum expiration time for presigned url is one week from time of creation. So there is no way to have a presigned url without expiry time.
The main purpose of presigned URLs is to grant a user temporary access to an S3 object. However, presigned URLs can be used to grant permission to perform additional operations on S3 buckets and objects.
The presigned URLs are useful if you want your user/customer to be able to upload a specific object to your bucket, but you don't require them to have AWS security credentials or permissions.
See this detailed answer for a description of the limitation on the days.
Generating read only credentials for the client would not work well because the client would have to use those credentials to either create their own pre-signed URL (no different than you doing it now -- it will still expire in a max of 7 days) or use an AWS SDK to directly download the file without a pre-signed URL.
Using SigV4 and having a constant link for longer than 7 days could be done with a middle layer (like a REST endpoint) whose URL does not change and serves up the file when requested.
166
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
