I'm developing an app that provides a signed URL for a Cloudfront distribution to access an S3 file, with an expiry time set to around 4 weeks. The issue I've noticed is that each time the file is accessed, a new signed URL gets generated. This leads to multiple signed URLs with staggered expiry dates, meaning that every time a user accesses the file, the expiration period can be extended. I'm wondering if most applications store these signed URLs in a database for retrieval, but this could result in a massive number of unique URLs, with one for each user. What's the best practice here? Is generating a new signed URL each time a sound approach, or should I think about storing them instead?
5 Answers
URL signing is a client-side operation. AWS doesn't keep track of them, and there's no cost associated with generating a new signed URL. In fact, it's usually easier to just create new ones each time rather than trying to manage and track existing URLs.
If you’re signing URLs for four weeks, you need a system to either manage user access or depend on the client. Personally, I wouldn't recommend such long-lived signed URLs. It's generally less CPU-intensive to generate a new URL than to keep track of those over an extended period.
You might want to store the expiration time in your database. Generate presigned URLs on demand by checking if the user's access is still valid. Use a standard expiration time, and adjust if they’re close to expiration. This way, you can minimize URL generation while managing access effectively.
I think signed URLs should ideally have a shorter validity. While longer expiration can be useful in some cases, generating those URLs could incur costs on API calls and storage. The logic for creating a new signed URL is likely cheaper than doing database lookups.
S3 sigv4 credentials are valid for up to 12 hours, provided you’re using roles. If you're handling extended access, consider using signed cookies with CloudFront instead.
Related Questions
Set Wordpress Featured Image Using Javascript
How To Fix PHP Random Being The Same
Why no WebP Support with Wordpress
Replace Wordpress Cron With Linux Cron
Customize Yoast Canonical URL Programmatically
[Centos] Delete All Files And Folders That Contain a String