0

I am sending s3 signed url using SES service in Lambda code and provided token expiration time to 1 day or 1 week but still its getting expired before 1 day. I am not sure exactly till what time its valid but first hours I am able to download object.

Any suggestions what other changes I am supposed to do ?

`

 url = s3.generate_presigned_url(
                ClientMethod='get_object',
                Params={
                    'Bucket': 'bucket-name',
                    'Key': "key-name"
                },
                ExpiresIn = 604800  # 1 week
            )

`

John Rotenstein
  • 241,921
  • 22
  • 380
  • 470
user13342834
  • 13
  • 5
  • Does this answer your question? [S3 Signed Url's expiring before argument passed](https://stackoverflow.com/questions/57791307/s3-signed-urls-expiring-before-argument-passed) – Anon Coward Nov 20 '22 at 04:49
  • i am not serverless here, its just a lambda code and hence need to directly put IAM user credentials for generating signed url. Any sample code you can share ? – user13342834 Nov 20 '22 at 14:17

1 Answers1

1

https://docs.aws.amazon.com/lambda/latest/dg/lambda-intro-execution-role.html#permissions-executionrole-session

Session duration for temporary security credentials

Lambda assumes the execution role associated with your function to fetch temporary security credentials which are then available as environment variables during a function's invocation. If you use these temporary credentials outside of Lambda, such as to create a presigned Amazon S3 URL, you can't control the session duration. The IAM maximum session duration setting doesn't apply to sessions that are assumed by AWS services such as Lambda. Use the sts:AssumeRole action if you need control over session duration.

If a presigned URL is created using a temporary token, then the URL expires when the token expires, even if the URL was created with a later expiration time.

jellycsc
  • 10,904
  • 2
  • 15
  • 32
  • Thanks i understood i need to use IAN user credentials , any sample code how can i get IAM user credentials in lambda and use them to generate s3 signed url? – user13342834 Nov 20 '22 at 14:18