2 Comments
I use the following approach (AWS sdk v3 Javascript) in my lambda function:
import { GetObjectCommand, S3Client } from "@aws-sdk/client-s3"; const client = new S3Client({ region }); // perhaps we can pass here credentials of IAM user const command = new GetObjectCommand({ Bucket: bucket, Key: key }); const url = await getSignedUrl(client, command, { expiresIn: 4320000 }); // I expect that link will expire in 5 days
But the problem is the link expires in ~12-14hours. Here is the fragment of cloudformation template:
Resources: LambdaFunctionRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Version: "2012-10-17" Statement: - Effect: "Allow" Action: "sts:AssumeRole" Path: "/" GetPresignedUrlFunction: Type: AWS::Serverless::Function Properties: FunctionName: !Sub "get-presigned-url-${EnvName}" Handler: getPresignedUrl.handler Role: !GetAtt LambdaFunctionRole.Arn
Should I use credentials of IAM user for S3Client constructor options like:
const client = new S3Client({ region, credentials: { accessKeyId: 'test', secretAccessKey: 'test' }});
replied 2 days ago
Thank you for your comment. We'll review and update the Knowledge Center article as needed.
Relevant content
- asked 6 years ago
- asked a month ago
- Accepted Answerasked 7 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 23 days ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 3 years ago