javascript - AWS S3 getSignedUrl() Returns Expired SignedURLs - Stack Overflow

Works fine on localhost but not on the Server. All the URL s returned are already expired.

<Error>
<Code>AccessDenied</Code>
<Message>Request has expired</Message>
<Expires>2016-04-26T09:44:22Z</Expires><ServerTime>2016-04-26T11:34:36Z</ServerTime><RequestId>33AF4E321F37ADA6</RequestId><HostId>+AXA3itXG9aKlt+EQkYxTHJCsxkEkymj+o2COPYo4+v26Vaxx17j/agh+hCq5NoHNzvJp2GI8Y=</HostId>
</Error>

On localhost, URL s generated for the same object differs in expires parameter but not on the Server. Same URL is returned for the same object on Server(expires param is same everytime).

Server is Amazon EC2. Credentials are saved in /.aws/credentials file on both localhost and the Server

Code from Model

var AWS = require('aws-sdk');
var s3 = new AWS.S3();

exports.download = function (req, res) {

    var fileName = req.params.name;

    var key = req.user._id + '/' + fileName;

    var params = { Bucket: 'myBucket', Key: key };

    s3.getSignedUrl('getObject', params, function (err, url) {

        if (err) {
            console.log('Getting Signed URL', err);
            res.send(err);
        } else {
            console.log('Getting Signed URL', url);
            res.send(url);            
        }
    });
};

Edited CORS Configuration on S3

<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="/">
    <CORSRule>
        <AllowedOrigin>*</AllowedOrigin>
        <AllowedMethod>GET</AllowedMethod>
        <MaxAgeSeconds>3000</MaxAgeSeconds>
        <AllowedHeader>Authorization</AllowedHeader>
    </CORSRule>
</CORSConfiguration>

Works fine on localhost but not on the Server. All the URL s returned are already expired.

<Error>
<Code>AccessDenied</Code>
<Message>Request has expired</Message>
<Expires>2016-04-26T09:44:22Z</Expires><ServerTime>2016-04-26T11:34:36Z</ServerTime><RequestId>33AF4E321F37ADA6</RequestId><HostId>+AXA3itXG9aKlt+EQkYxTHJCsxkEkymj+o2COPYo4+v26Vaxx17j/agh+hCq5NoHNzvJp2GI8Y=</HostId>
</Error>

On localhost, URL s generated for the same object differs in expires parameter but not on the Server. Same URL is returned for the same object on Server(expires param is same everytime).

Server is Amazon EC2. Credentials are saved in /.aws/credentials file on both localhost and the Server

Code from Model

var AWS = require('aws-sdk');
var s3 = new AWS.S3();

exports.download = function (req, res) {

    var fileName = req.params.name;

    var key = req.user._id + '/' + fileName;

    var params = { Bucket: 'myBucket', Key: key };

    s3.getSignedUrl('getObject', params, function (err, url) {

        if (err) {
            console.log('Getting Signed URL', err);
            res.send(err);
        } else {
            console.log('Getting Signed URL', url);
            res.send(url);            
        }
    });
};

Edited CORS Configuration on S3

<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws./doc/2006-03-01/">
    <CORSRule>
        <AllowedOrigin>*</AllowedOrigin>
        <AllowedMethod>GET</AllowedMethod>
        <MaxAgeSeconds>3000</MaxAgeSeconds>
        <AllowedHeader>Authorization</AllowedHeader>
    </CORSRule>
</CORSConfiguration>

• javascript
• node.js
• amazon-s3
• amazon-ec2
• mean-stack

Share Improve this question Follow asked May 9, 2016 at 7:00 katukatu 36722 gold badges44 silver badges1414 bronze badges 8

• The documentation says that it will default to a validity period of 15 minutes, so that result is strange. Have you tried passing an Expires value? See: getSignedUrl() documentation – John Rotenstein Commented May 9, 2016 at 8:57
• I passed the Expires value. Same result. – katu Commented May 9, 2016 at 9:23
• Can you extract the expiration time from the resulting URL to check its value? (It would be in UTC.) – John Rotenstein Commented May 9, 2016 at 9:25
• File was just uploaded. Result of URL in browser.<Error><Code>AccessDenied</Code><Message>Request has expired</Message><Expires>2016-05-09T09:27:53Z</Expires><ServerTime>2016-05-09T09:28:58Z</ServerTime><RequestId>35CA4C50C6F689E3</RequestId><HostId>/OswGs5Ixdpx5+ngNyBLwgnm1PWGqm4MhcfSNHHGLWEDLDg1I+FVcOHPfcvGEwvVTt1RIIK870M=</HostId></Error> – katu Commented May 9, 2016 at 9:30
• How about the actual Signed URL? Can you see the expiry time in the URL that is sent to S3? – John Rotenstein Commented May 9, 2016 at 9:38

 |  Show 3 more ments

3 Answers 3

Sorted by: Reset to default 1

...
// here you need to provide signed URL expiration time as the 3rd parameter
var params = { Bucket: 'myBucket', Key: key , Expires: <expire time>};

s3.getSignedUrl('getObject', params, function (err, url) {
...

Will probably not apply to this specific question, but I'm adding this in case anyone runs into this question like I did while trying to solve my problem. I had the same issue of expired signed URLs because I'm using WSL2 + Docker in my dev environment, and after putting my laptop to sleep the clock got messed up. The "fix" was to restart WSL2. There are other options but I didn't get the chance to test them. There are some extra details in this issue

When you generate file link you will have something like

https://bucket.s3.amazonaws./image2.png?SOME_INFO&X-Amz-Expires=900&SOME_INFO

You need X-Amz-Expires=900. This parameter means count of secont when your SignedUrl will expire.

To increse time, you an use some example

const aws = require('aws-sdk');

const s3 = new aws.S3({
    signatureVersion: 'v4',
    region: 's3-region'
});

const s3FileObject = {
  Bucket: 'your-bucket-name',
  Key: 'file-name.jpg',
  Expires: 60 * 60 // Seconds count
};

const url = s3.getSignedUrl('getObject', s3FileObject);

console.log(url);