0

I am using the node aws sdk to generate v2 signed urls for s3 objects and I have a few questions. The files are being hosted using digital ocean and not amazon.

  1. I want to add custom get params to the URLS. I have found documentation that suggests you can do it with the v4 signing but I want to use v2. I have tried appending the get params to the url after its generated which seems to work fine, Is there something I am missing that could cause problems with doing this. Docs I found: https://github.com/aws/aws-sdk-js/issues/3656

  2. The reason I don't want to use v4 is because the v4 signing includes the date/time the url was generated. Is there any way to remove this param and still use v4?

  3. I have also read that v2 signing has been deprecated. I noticed the method I use is synchronous, getSignedUrl(), so doesn't make any http requests to generate the link. Because this don't require external data/code Is it safe to assume If I opt for v2 signatures they will work for the foreseeable future?

Thanks a lot

ebg11
  • 906
  • 1
  • 12
  • 33
  • Strange mix here: using the AWS SDK to pre-sign objects in Digital Ocean, using a deprecated feature, and modifying the signed URLs after creation. On #1, I think post-v4-signing modification will invalidate the URL. On #2, same. On #3, no-one on StackOverflow can answer your question about the future viability of a deprecated feature. – jarmod Apr 08 '21 at 17:17
  • Yea I realise it's an odd set of questions. It seems digital ocean spaces has been built on s3 and I have very little aws experience. I would prefer to use the v4 link but the generated time is a problem for me, do you know of a method to generate the v4 link without the date/time It was created? – ebg11 Apr 08 '21 at 17:30
  • 1
    X-Amz-Date and X-Amz-Expires, if that's what you're referring to, are integral to the AWS pre-signed URL. What's your concern with the date? – jarmod Apr 08 '21 at 17:55
  • yes thats the one I am referring to... I would prefer to keep the generation time unknown, similar to the v2 signatures – ebg11 Apr 08 '21 at 18:05
  • Note that sigv4 URLs are time-limited so they're no use to your consumers beyond a certain date/time anyway (7 days max). One option would be for you to share your own manufactured URLs, stand up an API server that receives those URLs, and have that API server dynamically generate an AWS pre-signed URL and then send a 302 redirect to the client. – jarmod Apr 08 '21 at 19:06
  • Thanks for the suggestions :). I will have a think and choose an option – ebg11 Apr 08 '21 at 19:56

0 Answers0