15

Is this safe? Maintaining security using a pre-signed url with AWS S3 Bucket object?

<a href="https://mywebsite.s3.amazonaws.com/40.pdf?AWSAccessKeyId=[my access key]&Expires=1433297453&Signature=[this random set of numbers]">my link</a>

In other words - part 1...

Say I'm storing a bunch of separate individuals' files in a bucket. I want to provide a link to a file for a user. Obviously, each file is uniquely but consecutively named; I don't want people to be able to change the link from 40.pdf to 30.pdf and get a different file. This URL seems to do that.

part 2, and more importantly....

Is this safe, or is it a dangerous method of displaying a URL in terms of the security of my bucket? Clearly, I will be giving away my "access key" here, but of course, not my "secret".

Already answered 3 years ago... sorry. How secure are Amazon AWS Access keys?

Skinner

1 Answer

28

AWS Security Credentials are used when making API calls to AWS. They consist of two components:

  • Access Key (e.g. AKIAISEMTXNOG4ABPC6Q): This is similar to a username. It is okay for people to see it.
  • Secret Key: This is a long string of random characters that is a shared secret between you and AWS. When making API calls, the SDK uses the shared secret to 'sign' your API calls. This is a one-way hash, so people cannot reverse-engineer your secret key. The secret key should be kept private.

A Signed URL is a method of granting time-limited access to an S3 object. The URL contains the Access Key and a Signature, which is a one-way hash calculated from the object, expiry time and the Secret Key.

A Signed URL is safe because:

  • It is valid for only a limited time period that you specify
  • It is valid only for the Amazon S3 object that you specify
  • It cannot be used to retrieve a different object nor can the time period be modified (because it would invalidate the signature)

However, anyone can use the URL during the valid time period. So, if somebody Tweets the URL, many people could potentially access the object until the expiry time. This potential security threat should be weighed against the benefit of serving traffic directly from Amazon S3 rather than having to run your own web servers.

John Rotenstein
  • 3
    A custom policy can also restrict to a certain IP, reducing the potential security threat as now only someone internal to say an organisation can use it. – Rudiger Jun 29 '18 at 19:50
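
An added example, not part of the original question or answer and not AWS code: a Python model of the legacy query-string signing scheme that produces URLs of the form shown in the question (`AWSAccessKeyId`, `Expires`, `Signature`), together with the check the service performs. The keys, the bucket name and the `server_accepts` and `demo` helpers are constructed for illustration.

```python
import base64, hashlib, hmac
from urllib.parse import parse_qs, quote, unquote, urlsplit

# Constructed credentials for illustration only; not real AWS keys.
ACCESS_KEY = "AKIAEXAMPLEACCESSKEY"
SECRET_KEY = b"constructed-secret-for-this-example"
BUCKET = "mywebsite"

def _signature(key_name: str, expires: int) -> str:
    # Legacy (signature v2) query-string auth signs: verb, Content-MD5,
    # Content-Type, Expires, then the canonical resource /bucket/key.
    string_to_sign = f"GET\n\n\n{expires}\n/{BUCKET}/{key_name}"
    mac = hmac.new(SECRET_KEY, string_to_sign.encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def presign(key_name: str, expires: int) -> str:
    """Build the URL handed to the user; the secret never appears in it."""
    sig = quote(_signature(key_name, expires), safe="")
    return (f"https://{BUCKET}.s3.amazonaws.com/{quote(key_name)}"
            f"?AWSAccessKeyId={ACCESS_KEY}&Expires={expires}&Signature={sig}")

def server_accepts(url: str, now: int) -> bool:
    """Model of the service-side check: recompute the signature and compare."""
    parts = urlsplit(url)
    q = parse_qs(parts.query)
    try:
        expires = int(q["Expires"][0])
        presented = q["Signature"][0]
    except (KeyError, ValueError):
        return False
    if q.get("AWSAccessKeyId", [None])[0] != ACCESS_KEY or now > expires:
        return False
    key_name = unquote(parts.path.lstrip("/"))
    return hmac.compare_digest(presented, _signature(key_name, expires))

def demo() -> dict:
    expires, now = 1433297453, 1433290000  # constructed timestamps
    url = presign("40.pdf", expires)
    return {
        "original": server_accepts(url, now),
        "other_object": server_accepts(url.replace("40.pdf", "30.pdf"), now),
        "later_expiry": server_accepts(
            url.replace(f"Expires={expires}", f"Expires={expires + 86400}"), now),
        "after_expiry": server_accepts(url, expires + 1),
    }

if __name__ == "__main__":
    print(demo())
```

Only the untouched URL inside its validity window is accepted; editing the object name or the `Expires` value changes the string that was signed, so the presented signature no longer matches.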