We have a lambda created by SST that's generating ...
# generalr
Ross Coundon
12/03/2021, 8:16 AMWe have a lambda created by SST that's generating signedUrls for GetObject from S3 and the expiry seems to be the 6 hour maximum for an IAM Instance Profile.
I think I'm not understanding the terminology here:
Copy code
The credentials that you can use to create a presigned URL include:
IAM instance profile: Valid up to 6 hours
AWS Security Token Service : Valid up to 36 hours when signed with permanent credentials, such as the credentials of the AWS account root user or an IAM user
IAM user: Valid up to 7 days when using AWS Signature Version 4
To create a presigned URL that's valid for up to 7 days, first designate IAM user credentials (the access key and secret access key) to the SDK that you're using. Then, generate a presigned URL using AWS Signature Version 4.t
thdxr
12/03/2021, 12:47 PMYeah I had this issue also
thdxr
12/03/2021, 12:48 PMThe lambda function's token is only valid for 6 hours, AWS will restart it every 6 hours so it gets a new token
thdxr
12/03/2021, 12:48 PMSo any presigned url with it won't last more than 6 hours even if you specify longer
thdxr
12/03/2021, 12:49 PMI think what I did was create IAM credentials that I used to generate the url
r
Ross Coundon
12/03/2021, 12:55 PMThanks - when you say, create IAM credentials to us to generate the URL, what does that look like?
I can provide an access key and secret key to the signer but it sounds like what you did is more secure
t
thdxr
12/03/2021, 1:49 PMLet me check in a bit what exactly I did, I don't think it was particularly good
r
Ross Coundon
12/03/2021, 2:03 PMno problem, thanks