Amazon S3 provides secure and direct access to objects stored in S3 buckets through signed URLs. These URLs are generated with a specific expiration time, after which they become invalid. This article provides an overview of the behavior of Amazon S3 signed links when used with eXtendFiles.

Duration of Signed Links

Amazon S3 signed links have a maximum duration of 7 days. This means that the link will remain valid and provide access to the specified S3 object for up to 7 days from the time it was generated. The exact time will depend on the expiration time set in your eXtendFiles private files settings.

Link Expiration

After the 7-day period, the signed link expires. If someone attempts to access the S3 object using the expired link, they will be directed to a ‘Request has expired’ error page. This page indicates that the signed link is no longer valid.

Resigning Links

Once a signed link has expired, it cannot be used to access the S3 object. However, the object can still be accessed by generating a new signed link. This process is known as resigning the link.

It’s important to note that the existing link cannot be resigned. Instead, a new link with a new expiration date must be generated. This new link must be used to access the file.

Frequently Asked Questions (FAQs)

1. Can the expiration time of a signed link be changed?
   Yes, the expiration time of an Amazon S3 signed link can be set at the time of its creation. However, once the link has been created, the expiration time cannot be changed. If you need to extend the access to the object, you will need to create a new signed link with a new expiration time. It’s important to note that the maximum validity of a signed URL is 7 days. This is because the signing key used in signature calculation is valid for up to seven days.
2. Is there a limit to the number of signed links I can create for an object?
   No, there is no limit to the number of signed links that can be created for an object. Each link will have its own unique expiration time which is set during the creation of the link.
3. What happens if a signed link is used after it has expired?
   If a signed link is used after its expiration, access to the S3 object will be denied. The user will be directed to a 'Request has expired' error page. To regain access, a new signed link must be generated.
4. Can I create a signed link with no expiration?
   No, all Amazon S3 signed links must have an expiration time. The maximum duration of a signed link is 7 days. If continuous access to an object is needed, consider allowing public access to the object.