0

According to this piece of official doc, if I generate a presigned link it will expire sooner or later and I want to have unchangeable links that I could store in a DB. The reason for doing so is that it would make those links cacheable thereby avoiding loading them over and over again.

https://docs.aws.amazon.com/AmazonS3/latest/userguide/ShareObjectPreSignedURL.html

John Rotenstein
  • 241,921
  • 22
  • 380
  • 470
one_tit_shark
  • 89
  • 1
  • 6
  • It is not possible to create a pre-signed URL with an expiry period of more than 7 days. Why don't you get your back-end to simply generate the pre-signed URL when it is needed? It's just a couple of lines of code and does not involve an API call to AWS. – John Rotenstein Oct 28 '21 at 10:48
  • @JohnRotenstein I see. Hmmm I don't think I understand what you mean by "generate the pre-signed URL when it is needed". Would you please be a little bit more specific? You mean regenerate them only when their TTL is expired? In our app we've got users who have avatars and some other profile photos, there's also this feed functionality that allows users to scroll through a list of other users. Those users are returned to the client as an array of objects and the User objects contain aws generated links. – one_tit_shark Oct 28 '21 at 11:29
  • @JohnRotenstein What the front end devs don't like is that loading these user photos takes time which leads to bad user experience. So they cached the links but then found out that the links are new every time they make a request to the server. So the FE devs wish those links were always the same. – one_tit_shark Oct 28 '21 at 11:29
  • Are the avatar and other photos considered public? If so, you can make them publicly readable and not have to use a temporary pre-signed URL at all. Also, see [AWS S3 pre signed URL without Expiry date](https://stackoverflow.com/questions/24014306/aws-s3-pre-signed-url-without-expiry-date). – jarmod Oct 28 '21 at 11:35
  • If those ideas don't help, you could deploy a simple API Gateway/Lambda solution where your client's GET request for the avatar actually hits your Lambda-backed API via API Gateway and your Lambda function generates a pre-signed URL for the requested object, and responds to the client with a 302 redirect response indicating the pre-signed URL. But, obviously more complex than my earlier suggestions so look at those first. – jarmod Oct 28 '21 at 11:39
  • @jarmod Yes, that's exactly the case, they are public. And that's what I would like to do, I suppose - not to use a temp presigned url at all. The problem is that I don't understand how to do that. I didn't find it in the documentation. – one_tit_shark Oct 28 '21 at 12:09
  • @jarmod As I see it, something needs to generate a link, be that a presigned one or just an ordinary, permanent one. I think I understand how it works in regard to the presigned links, but how to generate a not-presigned url...that's the question. – one_tit_shark Oct 28 '21 at 12:17
  • If they're public, then the URL is of the form https://mybucket.s3.amazonaws.com/myfolder/cat.png. More generally, see [here](https://stackoverflow.com/questions/7933458/how-to-format-a-url-to-get-a-file-from-amazon-s3). – jarmod Oct 28 '21 at 12:21
  • @jarmod Ah, I see now. That does the trick. Thank you! – one_tit_shark Oct 28 '21 at 12:43

1 Answers1

0

If the avatar/photo objects are publicly readable, then you don't need to create pre-signed URLs. Simply share each public URL, which is of the form:

https://mybucket.s3.amazonaws.com/myavatars/shark.png

More generally, see here.

If the objects are private, then the standard way to make them available to non-AWS users is to share pre-signed URLs. For more on the duration of pre-signed URLs, see here.

jarmod
  • 71,565
  • 16
  • 115
  • 122