Generate S3 Presigned URL with 7 Day Expiry via Lambda and Java2.x

0

I am using aws java2x library to generate presigned URL, I am able to generate URL but its getting expired in around 1 days but I need to generate for 7 days.

generating presigned URL using software.amazon.awssdk

from my analysis I found I need to paas credentials but I a not able to find a way to pass credentials in java2x.

Also, do I need to update S3 bucket policy with statement like below:

{
    "Version": "2008-10-17",
    "Id": "PolicyForCloudFrontPrivateContent",
    "Statement": [
        {
            "Sid": "Deny a presigned URL request if the signature is more than 7 days old",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::b-bucketName/*",
            "Condition": {
                "NumericGreaterThan": {
                    "s3:signatureAge": "604800000"
                }
            }
        }
    ]
}

to fix this I added above policy but not able to pass credentials.

4 Answers
2
Accepted Answer

You don’t need to explicitly pass credentials if you’re using a credentials provider from the environment. The AWS SDK for Java 2.x automatically uses default providers (e.g., DefaultCredentialsProvider) unless you override it. If you need to pass specific credentials, you can configure them like this:

AwsBasicCredentials awsCreds = AwsBasicCredentials.create("accessKeyId", "secretAccessKey");

S3Presigner presigner = S3Presigner.builder()
        .credentialsProvider(StaticCredentialsProvider.create(awsCreds))
        .build();
profile picture
EXPERT
answered 4 months ago
0
profile picture
EXPERT
answered 4 months ago
0

Thanks Giovanni Lauria for the response.

Currently we are not explicitly passing credentials.

following your suggestion I should create S3Presigner like below?

S3Presigner presigner = S3Presigner.builder() .credentialsProvider(DefaultCredentialsProvider.create()) .build();

How long these credentials DefaultCredentialsProvider will be valid in Lambda? I am looking for some option for 7 days.

answered 4 months ago
0

To have an expiration of 7 days, you will need to create an IAM user and create the URL as a user (Via Access Keys) and not a role.

profile picture
EXPERT
answered 4 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions