AmazonS3 GetPreSignedUrlRequest max Expires date

Question

I'm generating pre-signed urls with AmazonS3 .NET SDK. They were working fine but they have stopped working now. I used to set an Expires date near to year 2038 because I wanted to make them as permanent as posible. I used 2038 because that date is an epoch date and there is the Year 2038 problem (http://en.wikipedia.org/wiki/Year_2038_problem). The SDK doesn't limit you on the date but it seems that when you access the url it gives you an Access Denied with the following message:

<Message>Invalid date (should be seconds since epoch): 2147500800</Message>

Does anyone know if there are any limits with the Expires date?

Answer 1

Recent update as of 2020-12-18

Expire date limits, based on who creates the temporary token:

1. AWS Identity and Access Management (IAM) instance profile: Valid up to six hours
2. AWS Security Token Service (STS): Valid up to 36 hours when signed with permanent credentials, such as the credentials of the AWS account root user or an IAM user
3. IAM user: Valid up to seven days when using AWS Signature Version 4

I took it from here.

Answer 2

Confirmed the issue of Year 2038 problem in AWS S3 presignedURL.

I've tested until 01-19-2038 UTC 03:00:00 and it still works.

However, to avoid time screw i choose to use 01-19-2038 UTC 00:00:00

Answer 3

It looks like you already know the answer to this.

A quick test reveals that expiry dates after approximately 03:14 UTC on Tuesday, 19 January 2038 do indeed fail. You've run into the bug in the wikipedia article you linked to.