I have a pipeline, which creates an artifact in the build stage. For this artifact I have the bucketName
the objectKey
as well as some
{
"accessKeyId": "...",
"secretAccessKey": "...",
"sessionToken": "...",
"expirationTime": 1670840680000
}
As I cannot install the deployment agent on the instance I want to deploy to, I need to use wget for fetching the artifact from s3.
I struggle to find out how to construct the url correctly as I always get 403
s
So my question would be:
How do I create the s3 download url in a way that allows my deployment target to download the file that is created by the build stage?
CodePudding user response:
S3 URLs generally follow the pattern https://bucket-name.s3.region-code.amazonaws.com/key-name
. See this page for more details and alternatives - https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-bucket-intro.html
Note that you will not be able to access an object in S3 with wget unless it's public. If you must use wget for a non-public object, you will need to do so via a presigned URL.
Alternatively you could use the AWS CLI to fetch the file.
CodePudding user response:
OMG.. It was such a n00b mistake :D
I used a too short `expires-in``
const node = new AWS.SSM({
});
const preSignedUrl = (new AWS.S3({
signatureVersion: 'v4',
credentials: artifactCredentials
}).getSignedUrl('getObject', {
Bucket: inputArtifactsS3Location.bucketName,
Key: inputArtifactsS3Location.objectKey,
Expires: 604800
}))
This snipped generate the right url now.. of course 604800 is bit too high now.. who ever finds this.. tune it to an appropriate level for you