How do I create the amazon s3 url in a way that allows my deployment target to download a file creat-CodePudding

I have a pipeline, which creates an artifact in the build stage. For this artifact I have the bucketName the objectKey as well as some

{
    "accessKeyId": "...",
    "secretAccessKey": "...",
    "sessionToken": "...",
    "expirationTime": 1670840680000
}

As I cannot install the deployment agent on the instance I want to deploy to, I need to use wget for fetching the artifact from s3.

I struggle to find out how to construct the url correctly as I always get 403s

So my question would be:

How do I create the s3 download url in a way that allows my deployment target to download the file that is created by the build stage?

CodePudding user response：

S3 URLs generally follow the pattern https://bucket-name.s3.region-code.amazonaws.com/key-name. See this page for more details and alternatives - https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-bucket-intro.html

Note that you will not be able to access an object in S3 with wget unless it's public. If you must use wget for a non-public object, you will need to do so via a presigned URL.

Alternatively you could use the AWS CLI to fetch the file.

CodePudding user response：

OMG.. It was such a n00b mistake :D

I used a too short `expires-in``

  const node = new AWS.SSM({
  });
  const preSignedUrl = (new AWS.S3({
    signatureVersion: 'v4',
    credentials: artifactCredentials
  }).getSignedUrl('getObject', {
    Bucket: inputArtifactsS3Location.bucketName,
    Key: inputArtifactsS3Location.objectKey,
    Expires: 604800
  }))

This snipped generate the right url now.. of course 604800 is bit too high now.. who ever finds this.. tune it to an appropriate level for you