• 9
name

A PHP Error was encountered

Severity: Notice

Message: Undefined index: userid

Filename: views/question.php

Line Number: 191

Backtrace:

File: /home/prodcxja/public_html/questions/application/views/question.php
Line: 191
Function: _error_handler

File: /home/prodcxja/public_html/questions/application/controllers/Questions.php
Line: 433
Function: view

File: /home/prodcxja/public_html/questions/index.php
Line: 315
Function: require_once

name Punditsdkoslkdosdkoskdo

Amazon S3 - How to Check if Presigned URL is Expired?

If I have a generated Presigned URL that expired, should I be doing get_headers() (in PHP) to see if a 403 Forbidden error is thrown, otherwise use that same URL? Or is that a bad idea because it's an unnecessary GET request? Should I always just regenerate a new Presigned URL every time? I'm a little confused because there doesn't seem to be much information about this.

The URL has the time it expires at.

Signature Version 2

htt ps://bucket.s3.amazonaws.com/foo.txt?AWSAccessKeyId=AKIAABCDEFGHIJK&Expires=1508608760&Signature=xxxxxxxxxxx

Expires gives the time in UTC.

$ date -d @1508608760
Sat Oct 21 17:59:20 UTC 2017

You can extract the value and compare it with the current time in UTC [time()], then decide to regenerate or not.


Signature Version 4

htt ps://s3.amazonaws.com/bucket/foo.txt?X-Amz-Algorithm=AWS4-HMAC-SHA256& X-Amz-Expires=3600&X-Amz-Credential=AKIAJRZXXXXXXXXus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20171021T190750Z&X-Amz-Signature=8b84ae9b59e9f8a8d7066ecc39e797c8dc29848abcdef61717

X-Amz-Date gives the UTC time in ISO 8601 format.

You can extract the value, convert it to epoch/UTC and compare it with the current time in UTC [time()], then decide to regenerate or not.

  • 16
Reply Report
    • @D-Marc X-Amz-* is the newer format, called Signature Version 4. Regions where AWS services were rolled out before about 2014 support those plus the older style, called Signature Version 2.
    • Awesome solution, don't know why I hadn't thought of that. However, for me, Amz-Expires is the expiration time in seconds, while X-Amz-Date is the the timestamp

If you use Memcached (or similar), you have the option to push the presigned url in Memcached with the same expiration time. Something like this (pseudo-php code):

$mc->set($your_key, $url, $expiration);

So, you can get the url using

$url = $mc->get($your_key);

If $mc->get returns false, you have to re-generate the presigned url.

  • 0
Reply Report

Warm tip !!!

This article is reproduced from Stack Exchange / Stack Overflow, please click

Trending Tags

Related Questions