Monday, December 30, 2019

S3 Presigned URL

A presigned URL is a temporary credential that can be generated and given to anyone to allow temporary access to a bucket or an object.

The permission granted can only be at the same level as the role used to generate the presigned URL.

A presigned URL includes the following:
  • X-Amz-Algorithm
  • X-Amz-Expires
  • X-Amz-Date
  • X-Amz-SignedHeaders
  • X-Amz-Security-Token
  • X-Amz-Credential
  • X-Amz-Signature
A presigned URL is valid for one of the following:
  • 3600 seconds if none is defined
  • Seconds as defined by the "--expires-in" flag
  • Expiry time of the role used to generate the URL

A CORS configuration must be defined to allow the external URL to gain access if the user is trying to retrieve the target object from another webpage.

Example (via PowerShell)

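# Bucket and key of the object to share
$s3uri = "myBucket/mylogs/important.log"
# Lifetime of the URL in seconds
$expireSec = 120
# Generate the presigned URL with the caller's current credentials
$output = aws s3 presign $s3uri --expires-in $expireSec
# Open the URL in Internet Explorer (via COM) to confirm it works
$objIE = new-object -ComObject InternetExplorer.Application
$objIE.Navigate($output)
$objIE.visible = $true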
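
To audit a presigned URL found in a log or ticket, the parameters and validity rules listed above can be read straight out of the query string. This Python sketch is an added example, not part of the original post; the sample URL, key ID, token, signature and the max_lifetime threshold are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

# Parameters every SigV4 presigned URL carries (from the list above).
# X-Amz-Security-Token is only present when temporary credentials signed it.
REQUIRED = ("X-Amz-Algorithm", "X-Amz-Credential", "X-Amz-Date",
            "X-Amz-Expires", "X-Amz-SignedHeaders", "X-Amz-Signature")

# Constructed sample: bucket, key ID, token and signature are placeholders.
SAMPLE_URL = (
    "https://mybucket.s3.us-east-1.amazonaws.com/mylogs/important.log"
    "?X-Amz-Algorithm=AWS4-HMAC-SHA256"
    "&X-Amz-Credential=ASIAEXAMPLEKEYID0000%2F20191230%2Fus-east-1%2Fs3%2Faws4_request"
    "&X-Amz-Date=20191230T120000Z&X-Amz-Expires=120"
    "&X-Amz-SignedHeaders=host"
    "&X-Amz-Security-Token=CONSTRUCTED-TOKEN"
    "&X-Amz-Signature=" + "0" * 64
)

def inspect_presigned(url, now=None, max_lifetime=3600):
    """Summarise a presigned URL offline; max_lifetime is a hypothetical policy cap."""
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    missing = [p for p in REQUIRED if p not in q]
    if missing:
        raise ValueError(f"not a SigV4 presigned URL, missing: {missing}")
    signed_at = datetime.strptime(q["X-Amz-Date"], "%Y%m%dT%H%M%SZ").replace(
        tzinfo=timezone.utc)
    lifetime = int(q["X-Amz-Expires"])
    expires_at = signed_at + timedelta(seconds=lifetime)
    now = now or datetime.now(timezone.utc)
    key_id, _date, region, _service, _term = q["X-Amz-Credential"].split("/")
    return {
        "access_key_id": key_id,       # identifies who signed; not a secret
        "region": region,
        "expires_at": expires_at,      # upper bound only, see below
        "lifetime_seconds": lifetime,
        "expired": now >= expires_at,
        # With role credentials the URL stops working when the session ends,
        # which can be earlier than expires_at and is not visible in the URL.
        "temporary_credentials": "X-Amz-Security-Token" in q,
        "exceeds_policy": lifetime > max_lifetime,
    }

if __name__ == "__main__":
    for field, value in inspect_presigned(SAMPLE_URL).items():
        print(f"{field}: {value}")
```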
