S3 link with longer expiration

Using S3 pre-signed urls unfortunately is not possible to go beyond the 7 days.

One possible solution is to use CloudFront signed urls, these don't have a "limit" on how long the urls can be valid. S3 bucket will still remain private.

https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html

Java Example:

https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/CFPrivateDistJavaDevelopment.html

See this detailed answer for a description of the limitation on the days.

Generating read only credentials for the client would not work well because the client would have to use those credentials to either create their own pre-signed URL (no different than you doing it now -- it will still expire in a max of 7 days) or use an AWS SDK to directly download the file without a pre-signed URL.

Using SigV4 and having a constant link for longer than 7 days could be done with a middle layer (like a REST endpoint) whose URL does not change and serves up the file when requested.

S3 link with longer expiration

Tags:

Java

Amazon S3

Amazon Web Services

Aws Sdk

Related

Recent Posts