Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Generate S3 Presigned URL with 7 Day Expiry via Lambda and Java2.x

0

I am using aws java2x library to generate presigned URL, I am able to generate URL but its getting expired in around 1 days but I need to generate for 7 days.

generating presigned URL using software.amazon.awssdk

from my analysis I found I need to paas credentials but I a not able to find a way to pass credentials in java2x.

Also, do I need to update S3 bucket policy with statement like below:

{
    "Version": "2008-10-17",
    "Id": "PolicyForCloudFrontPrivateContent",
    "Statement": [
        {
            "Sid": "Deny a presigned URL request if the signature is more than 7 days old",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::b-bucketName/*",
            "Condition": {
                "NumericGreaterThan": {
                    "s3:signatureAge": "604800000"
                }
            }
        }
    ]
}

to fix this I added above policy but not able to pass credentials.

Topics
ServerlessComputeStorageJava Development
Tags
presigned URLAWS LambdaJava Development
Language
English
asked a year ago518 views
4 Answers
2
Accepted Answer

You don’t need to explicitly pass credentials if you’re using a credentials provider from the environment. The AWS SDK for Java 2.x automatically uses default providers (e.g., DefaultCredentialsProvider) unless you override it. If you need to pass specific credentials, you can configure them like this:

AwsBasicCredentials awsCreds = AwsBasicCredentials.create("accessKeyId", "secretAccessKey");

S3Presigner presigner = S3Presigner.builder()
        .credentialsProvider(StaticCredentialsProvider.create(awsCreds))
        .build();
EXPERT
answered a year ago
EXPERT
reviewed a year ago
0

Pre-Signed URLs will never have that expiration. Read here. https://elasticscale.com/why-do-your-s3-presigned-urls-expire-after-12-hours-even-if-youve-set-a-longer-time/

EXPERT
answered a year ago
0

Thanks Giovanni Lauria for the response.

Currently we are not explicitly passing credentials.

following your suggestion I should create S3Presigner like below?

S3Presigner presigner = S3Presigner.builder() .credentialsProvider(DefaultCredentialsProvider.create()) .build();

How long these credentials DefaultCredentialsProvider will be valid in Lambda? I am looking for some option for 7 days.

answered a year ago
0

To have an expiration of 7 days, you will need to create an IAM user and create the URL as a user (Via Access Keys) and not a role.

EXPERT
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content