AWS S3 pre signed URL without Expiry date

女生的网名这么多〃 提交于 2019-11-26 19:56:31

问题


Is there any way that I can generate Pre-Signed URL's without any expiry date ? I'm developing a Email app where my attachments will be saved in S3. Also please let me know what is the best way to download attachments via JavaScript SDK.

I'm using below code

var params = {Bucket: 'bucket', Key: 'key', Expires: 60};
var url = s3.getSignedUrl('getObject', params);
console.log('The URL is', url);

回答1:


The maximum expiration time for presigned url is one week from time of creation. So there is no way to have a presigned url without expiry time.




回答2:


It depends on how you generate the S3 pre-signed URL. Specifically, which signature version you use and what type of IAM credentials you use.

The credentials that you can use to create a pre-signed URL include:

  • IAM instance profile (temporary, rotated credentials): valid up to 6 hours
  • STS (temporary credentials): valid up to 36 hours
  • IAM user (long-term credentials): valid up to 7 days when using signature v4
  • IAM user (long-term credentials): valid till the end of the epoch when using signature v2

Note specifically:

  • signature v2 is potentially deprecated
  • the expiration limit for signature v2 is different to signature v4
  • signature v4 offers some security and efficiency benefits over v2
  • if you use STS credentials to generate a pre-signed URL then the URL will expire when the STS credentials expire, if that is earlier than the explicit expiration that you requested for the pre-signed URL
  • creating pre-signed URLs that are valid till the end of the epoch is not the best security practice

For more, see:

  • Why is my pre-signed URL for an Amazon S3 bucket expiring early?
  • What is the longest expiration time for amazon s3 generated link?



回答3:


A somewhat solution for you might be to make the AWS CloudFront distribution that serves your S3 bucket with limited access to only Distribution Origin Access Identity and then using CloudFront Signed urls. Which expiry time can be even in years. So for unlimited or semi-unlimited urls I would recommend such solution.



来源:https://stackoverflow.com/questions/24014306/aws-s3-pre-signed-url-without-expiry-date

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!