S3 Presigned URL Flashcards
For what are pre-signed URLs used? What problem do they solve?
Provides temporal access to private resources without needing to make public a private bucket or give credentials or an AWS account to unknown users.
Example or UC of presigned URL:
Users of applications do not need to have an IAM user, they can get access through the app and get access to read, download or upload objects to private buckets.
What information is required to make a request to S3 to generate a presigned URL?
- Security credentials
- Bucket name
- Object key
- Expiry date and time
- Indicate how the object will be accessed
What information is encoded in the presigned URL?
The provided data upon creation.
- Security credentials
- Bucket name
- Object key
- Expiry date and time
- Indicate how the object will be accessed
What is the process to get a presigned URL? (mention steps)
- Request to S3 to generate presigned URL
- S3 returns the presigned URL
- Presigned URL is shared with the unauthenticated user (in some way)
- The user can upload or download (PUT or GET) data
What access can a pre-signed URL provide?
Access to a bucket or specific objects
Do pre-signed URLs make sense when using public buckets?
No, it is used normally to provide access to private buckets to unauthenticated resources
Can you create a pre-signed URL for an object you do not have access to?
Yes, you can still get the pre-signed URL but the object will not allow access because the requestor’s user does not have access to it.
Is it recommendable to generate presigned URLs using IAM roles and why?
It is not recommended because the role will likely expire before the URL does.
You should always use long term identities to generate URLs, generally IAM users.
