You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Update software.amazon.awssdk.awscore.presigner.PresignedRequest#expiration so that it returns the minimum out of the expiration time of the security credentials and the requested signed duration.
Is your Feature Request related to a problem?
It is impossible to tell when a PresignedRequest will actually expire. It makes it difficult to generate a presigned URL using an instance profile as it could expire at any time up to a maximum of 6 hours. The provided signatureDuration is practically useless except to restrict that to something less than 6 hours.
Proposed Solution
The AwsSessionCredentials would need to be modified to have an additional expiration field that is set in software.amazon.awssdk.auth.credentials.HttpCredentialsProvider#refreshCredentials. This would make a lot of sense since the STS API already returns it.
software.amazon.awssdk.services.s3.internal.presigner.DefaultS3Presigner#initializePresignedRequest can then be modified to get the AWS_CREDENTIALS attribute from the ExecutionContext and get the expiration if they are an instance of AwsSessionCredentials. Then it can use the minimum of that and the one from the PRESIGNER_EXPIRATION attribute as the expiration of the presignedRequest.
Describe alternatives you've considered
I have to maintain my own cached credentials with a known expiration time and provide them to the presigner which is just duplicating all the same logic that the default implementations already do.
Additional Context
I want to generate presigned URLs and know when they will expire.
I may be able to implement this feature request
Your Environment
AWS Java SDK version used: 2.15.25
JDK version used: 1.8
Operating System and version: Amazon Linux 2
The text was updated successfully, but these errors were encountered:
Describe the Feature
Update
software.amazon.awssdk.awscore.presigner.PresignedRequest#expiration
so that it returns the minimum out of the expiration time of the security credentials and the requested signed duration.Is your Feature Request related to a problem?
It is impossible to tell when a
PresignedRequest
will actually expire. It makes it difficult to generate a presigned URL using an instance profile as it could expire at any time up to a maximum of 6 hours. The providedsignatureDuration
is practically useless except to restrict that to something less than 6 hours.Proposed Solution
The
AwsSessionCredentials
would need to be modified to have an additionalexpiration
field that is set insoftware.amazon.awssdk.auth.credentials.HttpCredentialsProvider#refreshCredentials
. This would make a lot of sense since the STS API already returns it.software.amazon.awssdk.services.s3.internal.presigner.DefaultS3Presigner#initializePresignedRequest
can then be modified to get theAWS_CREDENTIALS
attribute from theExecutionContext
and get the expiration if they are an instance ofAwsSessionCredentials
. Then it can use the minimum of that and the one from thePRESIGNER_EXPIRATION
attribute as the expiration of thepresignedRequest
.Describe alternatives you've considered
I have to maintain my own cached credentials with a known expiration time and provide them to the presigner which is just duplicating all the same logic that the default implementations already do.
Additional Context
I want to generate presigned URLs and know when they will expire.
Your Environment
The text was updated successfully, but these errors were encountered: