AWS S3 pre signed URL without Expiry date

Question

Is there any way that I can generate Pre-Signed URL\'s without any expiry date ? I\'m developing a Email app where my attachments will be saved in S3. Also please let me kno

Answer 1

It depends on how you generate the S3 pre-signed URL. Specifically, which signature version you use and what type of IAM credentials you use.

The credentials that you can use to create a pre-signed URL include:

• IAM instance profile (temporary, rotated credentials): valid up to 6 hours
• STS (temporary credentials): valid up to 36 hours
• IAM user (long-term credentials): valid up to 7 days when using signature v4
• IAM user (long-term credentials): valid till the end of the epoch when using signature v2

Note specifically:

• signature v2 is potentially deprecated
• the expiration limit for signature v2 is different to signature v4
• signature v4 offers some security and efficiency benefits over v2
• if you use STS credentials to generate a pre-signed URL then the URL will expire when the STS credentials expire, if that is earlier than the explicit expiration that you requested for the pre-signed URL
• creating pre-signed URLs that are valid till the end of the epoch is not the best security practice

For more, see:

• Why is my pre-signed URL for an Amazon S3 bucket expiring early?
• What is the longest expiration time for amazon s3 generated link?