mohanakrishnavh

Reputation: 139

AWS S3 object becomes inaccessible after a certain amount of time

I am trying to read an S3 file using the SDK. I have a service that reads and processes this CSV file. When I create a new bucket, add files, and make a call to read the CSV file, it works fine. But if I try to make the same call after a certain amount of time, I get the error below:

{
  "message": "Internal server error occurred. due to : Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied)"
}

I have verified that I have the necessary actions for the role that runs my service:

"s3:ListBucket",
"s3:GetBucketLocation",
"s3:ListBucketMultipartUploads",
"s3:GetObject"

I also verified that even changing to "Public Access" doesn't resolve this issue.

Upvotes: 1

Views: 915

Answers (1)

stdunbar

Reputation: 17455

If you're using a URI and the S3 bucket isn't public (for example, hosts a website), then you're likely using a PreSigned URL to access your file. This looks something like:

https://bucket-name.s3.us-west-1.amazonaws.com/path/fileName?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIA123456789%2F20220324%2Fus-west-1%2Fs3%2Faws4_request&X-Amz-Date=20220324T165912Z&X-Amz-Expires=60&X-Amz-SignedHeaders=host&X-Amz-Signature=1234567890abcdef

This URL has a limited lifetime. The one I show above expires in 60 seconds. That means that I can access it for only 60 seconds - if I try after that time I get:

<?xml version="1.0" encoding="UTF-8"?>
<Error>
    <Code>AccessDenied</Code>
    <Message>Request has expired</Message>
    <X-Amz-Expires>60</X-Amz-Expires>
    <Expires>2022-03-24T17:00:12Z</Expires>    
    <ServerTime>2022-03-24T17:05:12Z</ServerTime>
    <RequestId>ABCDEFGHI</RequestId>
    <HostId>someverylongstring</HostId>
</Error> 

If you can access your file via an API then you only need an access key and secret key and your access will not expire unless your credentials do. Otherwise, you'll need to keep generating the presigned URLs every time you need to access the file.

Upvotes: 2
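
The expiry arithmetic behind the answer above, as an added example that is not part of the original answer: it derives the expiry from X-Amz-Date plus X-Amz-Expires in the answer's sample URL, which reproduces the Expires value in the error body, and separates an expired URL from any other 403. The function names are hypothetical; the URL and XML are the answer's own placeholder samples.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs
import xml.etree.ElementTree as ET

# Sample URL and error body copied from the answer (placeholder credential/signature).
SAMPLE_URL = (
    "https://bucket-name.s3.us-west-1.amazonaws.com/path/fileName"
    "?X-Amz-Algorithm=AWS4-HMAC-SHA256"
    "&X-Amz-Credential=AKIA123456789%2F20220324%2Fus-west-1%2Fs3%2Faws4_request"
    "&X-Amz-Date=20220324T165912Z&X-Amz-Expires=60"
    "&X-Amz-SignedHeaders=host&X-Amz-Signature=1234567890abcdef"
)
SAMPLE_ERROR = """<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Request has expired</Message>
<X-Amz-Expires>60</X-Amz-Expires><Expires>2022-03-24T17:00:12Z</Expires>
<ServerTime>2022-03-24T17:05:12Z</ServerTime></Error>"""


def presigned_expiry(url):
    """Return the UTC expiry of a SigV4 presigned URL, or None if it is not presigned."""
    q = parse_qs(urlsplit(url).query)
    if "X-Amz-Date" not in q or "X-Amz-Expires" not in q:
        return None
    signed_at = datetime.strptime(q["X-Amz-Date"][0], "%Y%m%dT%H%M%SZ")
    signed_at = signed_at.replace(tzinfo=timezone.utc)
    return signed_at + timedelta(seconds=int(q["X-Amz-Expires"][0]))


def is_expired(url, now=None):
    """True once `now` (default: current UTC time) has reached the URL's expiry."""
    expiry = presigned_expiry(url)
    if expiry is None:
        raise ValueError("not a SigV4 presigned URL")
    return (now or datetime.now(timezone.utc)) >= expiry


def classify_403(error_xml):
    """Separate an expired presigned URL from a 403 caused by policy or permissions."""
    root = ET.fromstring(error_xml.encode("utf-8"))
    code, message = root.findtext("Code"), root.findtext("Message")
    if code == "AccessDenied" and message == "Request has expired":
        return "expired-presigned-url"
    return "other:" + str(code)
```

Logging the result of `classify_403` next to the request URL makes it clear whether a recurring 403 is a lifetime problem or a permissions problem.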
