jc18

Reputation: 1

S3 Presigned URLs - Is there a way to hide/change the raw S3 URL part of the presigned URL?

https://yourbucket.s3.eu-west-1.amazonaws.com/yourfile.pdf?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=some-aws-credential-to-identify-the-signer&X-Amz-Date=timestamp-of-generation&X-Amz-Expires=validity-from-generation-timestamp&X-Amz-Signature=4709da5a980e6abc4ab7284c1b6aa9e624f388e08f6a7609e28e5041a43e5dad&X-Amz-SignedHeaders=host

The above is an example of an S3 presigned URL. Is there any way to hide the bucket part of the presigned URL or change it to a domain name in the presigned URL?

to be https://custom.domain.com/yourfile.pdf?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=some-aws-credential-to-identify-the-signer&X-Amz-Date=timestamp-of-generation&X-Amz-Expires=validity-from-generation-timestamp&X-Amz-Signature=4709da5a980e6abc4ab7284c1b6aa9e624f388e08f6a7609e28e5041a43e5dad&X-Amz-SignedHeaders=host

I tried changing the presigned URL to a custom domain, but it doesn't work. I used the S3 GetPreSignedUrlRequest method to generate the presigned URL by setting key, bucket name and expires.

What I would like to know

  1. Is there a way to change the presigned URL behaviour to not show the bucket name and region?
  2. Are there any security risks in allowing users to view the bucket name and region in the presigned URL?

Any suggestions would be much appreciated. Thanks

Upvotes: 0

Views: 824

Answers (1)

Ashutosh Yadav

Reputation: 7

The structure of a presigned URL, including the presence of the bucket name and region, is inherent to how Amazon S3 generates these URLs. The bucket name is part of the path and is required for uniquely identifying the resource. Unfortunately, you cannot change the behavior to exclude the bucket name and region from the presigned URL.

My suggestion would be: if you are using a custom domain, consider configuring your S3 bucket as a static website and use virtual hosted-style URLs. This makes the URLs look cleaner, but be aware that it might not be applicable for all scenarios.

In conclusion, exposing the bucket name and region in presigned URLs is a standard practice and generally secure. Ensure proper access controls and keep presigned URLs short-lived to mitigate any potential risks. If the aesthetic aspect of the URL is crucial, consider using a static website configuration with virtual hosted-style URLs.

Upvotes: 0
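
The URLs in the question carry `X-Amz-SignedHeaders=host`, so the hostname is one of the inputs to the SigV4 signature, and editing it after generation invalidates the signature. The following is an added example, not code from the question or the answer: it recomputes the signature for both hosts with the standard SigV4 query-signing steps, using constructed placeholder credentials and a constructed timestamp, and `server_accepts` is a simplified model of the verifying side.

```python
import hashlib
import hmac
from urllib.parse import quote

# Constructed placeholders, not real credentials.
ACCESS_KEY = "AKIAEXAMPLEKEYID0000"
SECRET_KEY = "constructed-secret-not-a-real-key"
BUCKET_HOST = "yourbucket.s3.eu-west-1.amazonaws.com"  # host from the question
CUSTOM_HOST = "custom.domain.com"                      # host from the question
AMZ_DATE = "20240101T000000Z"                          # constructed timestamp


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def presign_signature(host, key_path, amz_date=AMZ_DATE, expires=900, region="eu-west-1"):
    """Compute the SigV4 query-string signature for GET https://<host><key_path>."""
    date = amz_date[:8]
    scope = f"{date}/{region}/s3/aws4_request"
    params = {
        "X-Amz-Algorithm": "AWS4-HMAC-SHA256",
        "X-Amz-Credential": f"{ACCESS_KEY}/{scope}",
        "X-Amz-Date": amz_date,
        "X-Amz-Expires": str(expires),
        "X-Amz-SignedHeaders": "host",
    }
    query = "&".join(f"{k}={quote(v, safe='')}" for k, v in sorted(params.items()))
    # Canonical request: the Host header value is one of the signed inputs.
    canonical = "\n".join(
        ["GET", quote(key_path), query, f"host:{host}", "", "host", "UNSIGNED-PAYLOAD"])
    to_sign = "\n".join(
        ["AWS4-HMAC-SHA256", amz_date, scope, hashlib.sha256(canonical.encode()).hexdigest()])
    key = ("AWS4" + SECRET_KEY).encode()
    for part in (date, region, "s3", "aws4_request"):
        key = _hmac(key, part)
    return hmac.new(key, to_sign.encode(), hashlib.sha256).hexdigest()


def server_accepts(request_host, signature, key_path):
    """Simplified model of the verifier: recompute using the Host it actually received."""
    return hmac.compare_digest(presign_signature(request_host, key_path), signature)


if __name__ == "__main__":
    sig = presign_signature(BUCKET_HOST, "/yourfile.pdf")
    print("original host accepted:", server_accepts(BUCKET_HOST, sig, "/yourfile.pdf"))
    print("swapped host accepted: ", server_accepts(CUSTOM_HOST, sig, "/yourfile.pdf"))
```

The model omits the expiry check and any other validation a real service performs; it isolates only the effect of the signed `host` header.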
