Can I set PreSignedUrl expire date to forever? #528

Closed
ShahriatHossain opened this issue Jan 13, 2017 · 5 comments
@ShahriatHossain

I am saving the presigned URL in our database, and when I browse the URL 10 days later or more, the URL is broken, which means it has expired. Can I make it usable forever? Or is there an alternative to a presigned URL, so that I can show the file directly from Amazon in our app the way a presigned URL works, but without an expiry time or date?

@gokarnm
Contributor

gokarnm commented Jan 17, 2017

You cannot create a presigned URL without an expiration date. Signature Version 4 has a max expiration of 7 days and Signature Version 2 has a max expiration of a year.

@ShahriatHossain
Author

ShahriatHossain commented Jan 18, 2017

So, how can I set Signature Version 2 in my code below so that I can get a 1-year expiration date:

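using System;
using Amazon;
using Amazon.Runtime;
using Amazon.S3;
using Amazon.S3.Model;

// keyName holds the S3 object key and is defined elsewhere in the calling code.
var credentials = new BasicAWSCredentials("xxxxxxxxxx", "xxxxxxx");
var client = new AmazonS3Client(credentials, RegionEndpoint.APSouth1);
var expiryUrlRequest = new GetPreSignedUrlRequest()
{
    BucketName = "xxxxxx",
    Key = keyName,
    Expires = DateTime.Now.AddDays(7) // URL stops working 7 days after it is generated
};
string url = client.GetPreSignedURL(expiryUrlRequest);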

Can you suggest how I can use Signature Version 2 in my existing code?

@gokarnm
Contributor

gokarnm commented Jan 18, 2017

An alternate solution would be to create the presigned URLs at the point they need to be displayed, instead of creating it in advance and saving it.

You can use Signature Version 2 by setting AWSConfigsS3.UseSignatureVersion4 = false; . Please note that not all AWS regions support Signature Version 2.

From http://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html -
Amazon S3 supports Signature Version 4, a protocol for authenticating inbound API requests to AWS services, in all AWS regions. At this time, AWS regions created before January 30, 2014 will continue to support the previous protocol, Signature Version 2. Any new regions after January 30, 2014 will support only Signature Version 4 and therefore all requests to those regions must be made with Signature Version 4.

@gokarnm
Contributor

gokarnm commented Jan 20, 2017

Closing this issue, feel free to reopen if you have further questions.

@sitoftonic

In my case, I need to extend the lifespan of a signed url more than one week because I'm planning to add images from a protected bucket into emails, and once the email is sent, I cannot change the source code.

For anyone looking for a solution without messing with more AWS infrastructure or with an insecure and potentially deprecated version other than v4, what I have done is create a custom public link gateway in my own API, where I generate a JWT signed by myself for every file I want to share and define a custom expiry time in that JWT. Then, when I receive a valid JWT, I generate a new signed url with AWS S3 SDK with a limited expiry time (one hour for example) and redirect the incoming request to this generated url.
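The gateway pattern described in the comment above, as an added example (not code from the commenter or from the AWS SDK): a long-lived link carries a token signed by your own API, and each valid request is exchanged for a fresh presigned URL that lives one hour. It uses a compact HMAC-SHA256 token in place of a full JWT; `ShareLinkGateway`, `IssueToken`, `Resolve` and the token layout are hypothetical, and `CryptographicOperations` assumes .NET Core 2.1 or later.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using Amazon.S3;
using Amazon.S3.Model;

// Hypothetical helper (not part of the AWS SDK): issues long-lived share tokens and
// exchanges a valid token for a short-lived presigned URL.
public sealed class ShareLinkGateway
{
    private readonly AmazonS3Client _s3;
    private readonly string _bucket;
    private readonly byte[] _secret; // server-side HMAC key, never sent to clients

    public ShareLinkGateway(AmazonS3Client s3, string bucket, byte[] secret) { _s3 = s3; _bucket = bucket; _secret = secret; }

    // Token layout (constructed for this example): base64url(key) "." expiryUnixSeconds "." base64url(HMAC)
    public string IssueToken(string objectKey, TimeSpan lifetime)
    {
        string payload = B64(Encoding.UTF8.GetBytes(objectKey)) + "." +
                         DateTimeOffset.UtcNow.Add(lifetime).ToUnixTimeSeconds();
        return payload + "." + B64(Mac(payload));
    }

    // Returns a fresh presigned URL to redirect to, or null if the token is forged, malformed or expired.
    public string Resolve(string token)
    {
        string[] parts = (token ?? "").Split('.');
        if (parts.Length != 3 || !long.TryParse(parts[1], out long expiry)) return null;
        try
        {
            // Verify the MAC in constant time before trusting the key or the expiry.
            byte[] expected = Mac(parts[0] + "." + parts[1]);
            if (!CryptographicOperations.FixedTimeEquals(expected, UnB64(parts[2]))) return null;
            if (DateTimeOffset.UtcNow.ToUnixTimeSeconds() >= expiry) return null;
            return _s3.GetPreSignedURL(new GetPreSignedUrlRequest
            {
                BucketName = _bucket,
                Key = Encoding.UTF8.GetString(UnB64(parts[0])),
                Expires = DateTime.UtcNow.AddHours(1) // short-lived, far below the 7-day Signature Version 4 limit
            });
        }
        catch (FormatException) { return null; } // token segment was not valid base64url
    }

    private byte[] Mac(string s) { using (var h = new HMACSHA256(_secret)) return h.ComputeHash(Encoding.UTF8.GetBytes(s)); }
    private static string B64(byte[] b) => Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    private static byte[] UnB64(string s) => Convert.FromBase64String(s.Replace('-', '+').Replace('_', '/').PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
}
```

The HTTP handler in front of this class answers with a redirect to the returned URL and rejects the request when `Resolve` returns null. Because the token binds the object key and expiry under the MAC, a recipient cannot retarget the link to another object or extend its lifetime.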
