I am trying to create a presigned URL for a file in my S3 bucket using go sdk.
When I run the program from command line, I get the presigned URL which doesn't contain the X-Amz-Security-Token.
But if I use the same code from a lambda function, I always get the X-Amz-Security-Token in the URL.
I am not sure why this behaviour is different.
Here is the code -
func CreatePreSignedURL(bucketName string, path string) (string, error) {
sess, err := session.NewSession(&aws.Config{
Region: aws.String("us-east-1")},
)
svc := s3.New(sess)
req, _ := svc.GetObjectRequest(&s3.GetObjectInput{
Bucket: aws.String(bucketName),
Key: aws.String(path),
})
urlStr, err := req.Presign(60 * time.Minute)
if err != nil {
fmt.Println("error in generarting presigned URL is ", err)
return urlStr, err
}
return urlStr, nil
}
The URL generated by lambda is quite long, for my application I am expecting a shorter URL without X-Amz-Security-Token
When the function is run in your command line, it generates pre-signed URLS with IAM credentials possibly stored in environment variables or in ~/.aws/config.
Temporary credentials are assigned for the IAM role associated 1 with the function when invoked in AWS Lambda environment.
AWS necessitates that requests made with temporary credentials include x-amz-security-token header. 2
I don't find the length of the URL to be an issue here.
If you like to keep a consistent behavior locally and in the Lambda function environment, an easy way to go is to set the AWS credentials in the environment of the Lambda function.