AWS S3 signed URL contains AccessKeyId

Question

I am new to Amazon AWS S3 and I was wondering why my signedURL contains my AccessKeyId. Isn't that a security issue, so that other people who have the URL have my accessKey and could potentially get access to my account / bucket?

const getURL = async (key) => {

  const params = {
    Bucket: myBucket,
    Key: key, 
    Expires: 60,
  };
  
  const url = await new Promise((resolve, reject) => {
    s3.getSignedUrl("getObject", params, function (err, url) {
      if (err) {
        reject(err);
      }
      resolve(url);
    });
  });

  console.log(url) // signed URL that contains the AccessKeyId and Signature
}

score 0 · Answer 1 · answered Jul 31 '21 at 23:01

0

AccessKeyId is not a secret. Think of it as a username. The SecretAccessKey is the one that should be kept secret.

answered Jul 31 '21 at 23:01

jellycsc

10,904
2
15
32

AWS S3 signed URL contains AccessKeyId

1 Answers1