S3 link with longer expiration

Tags: , , ,



I am generating a pre-signed link using the java sdk for a client. We have new requirements to allow the links to remain active for at least 30 days. When I set the expiration longer I get the below error:

Requests that are pre-signed by SigV4 algorithm are valid for at most
7 days

I need to determine a way around this as the client cannot accept updates to the links (say, if I just auto-generated updates weekly). Is there a way around this? Can I pass a given set of read-only creds maybe?

Answer

See this detailed answer for a description of the limitation on the days.

Generating read only credentials for the client would not work well because the client would have to use those credentials to either create their own pre-signed URL (no different than you doing it now — it will still expire in a max of 7 days) or use an AWS SDK to directly download the file without a pre-signed URL.

Using SigV4 and having a constant link for longer than 7 days could be done with a middle layer (like a REST endpoint) whose URL does not change and serves up the file when requested.



Source: stackoverflow