Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
4.2k views
in Technique[技术] by (71.8m points)

amazon web services - AWS Lambda create presigned URL for S3 using invoked credentials

I'm trying to create a presigned URL for a S3 bucket in AWS Lambda (Python 3.7) that is signed using the credentials of the person that invoked the Lambda function via API Gateway.

The flow would be:

  1. User sends HTTP request to API Gateway, which is secured using Amazon Cognito.
  2. The API gateway then invokes a Lambda function, which knows who the original user is.
  3. The Lambda function then generates a presigned URL for the S3 bucket using the original user's credentials, rather than the default Lambda role etc.

I have managed to generate a presigned URL using the default Lambda role, just haven't managed to make this use the original user's credentials. Any direction in this would be great, thanks.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

Assuming you can pass the access token, you may generste temporary credentials using GetCredentialsForIdentity


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...