Handling AWS STS key expiration while a file transfer to AWS S3?

1

6

We have created an STS session token system for accessing files in an AWS S3 bucket using the AWS SDK for .NET, with a time range of 900 sec (15 mins). If the transfer takes longer (more than 15 minutes for a file to complete upload), can I create a new key and resume the upload? Is it possible to handle this using the AWS SDK?

Paperboard answered 18/3, 2015 at 6:12 Comment(1)
Did you find any solution to this? I assume the keys are only checked before the start of the operation, so even if the operation does not complete within 15 minutes, it would not halt. I myself am using the same technique with AWS JavaScript for multi-part upload. Unfortunately, I don't have a file large enough to take more than 15 minutes to complete, and hence cannot test this. Maybe I can throttle my net speed to 10 KBPS and try to test this. :D - Ule
7

First off, in the code where you call the STS API you can specify the expiry expressed in seconds. The default is indeed 900 seconds but it can manually be set to higher values.

AWS requires your credentials to be valid at the beginning of every API call, but will not interrupt an ongoing operation if they expire mid-call. So if you are using S3's standard PUT API and a single call takes longer than your credentials' lifetime, that's fine.

In the case of multi-part uploads your point of origin will send multiple GET requests. Each of these requests will represent a small piece of the data it wants to download. If the time range has expired, every GET request after this will be rejected.

There are several methods of handling token renewal within AWS. One would be to check the token before every request and see whether it has reached, for example, its half-life. If it has, renew it with the STS API. This example is documented somewhat here.

Source (Graeme@AWS)

Biotope answered 18/5, 2016 at 14:53 Comment(0)
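
The half-life check described in the answer above, sketched in JavaScript as an added example (not code from the original posts or from the AWS SDK). `fetchCredentials` and `uploadPart` are hypothetical injected functions standing in for the STS call and the per-part S3 request, and the clock and timings in `demo` are constructed.

```javascript
// Added example. fetchCredentials and uploadPart are hypothetical injected
// functions standing in for the STS call and the per-part S3 request.
function createRefreshingCredentials(fetchCredentials, now = Date.now) {
  let current = null;  // { sessionToken, issuedAt, expiresAt } (ms timestamps)
  let inflight = null; // one renewal shared by concurrent callers

  const pastHalfLife = (c) =>
    now() >= c.issuedAt + (c.expiresAt - c.issuedAt) / 2;

  return async function getCredentials() {
    if (current && !pastHalfLife(current)) return current;
    if (!inflight) {
      inflight = fetchCredentials()
        .then((c) => (current = c))
        .finally(() => { inflight = null; });
    }
    return inflight;
  };
}

// Upload parts one at a time, checking the credentials before every request.
async function uploadParts(parts, getCredentials, uploadPart) {
  const etags = [];
  for (let i = 0; i < parts.length; i++) {
    const creds = await getCredentials();
    etags.push(await uploadPart(i + 1, parts[i], creds));
  }
  return etags;
}

// Constructed demo: fake clock, 900 s credentials, every part takes 300 s.
async function demo() {
  let clock = 0, issued = 0;
  const fetchCredentials = async () => ({
    sessionToken: `token-${++issued}`, issuedAt: clock, expiresAt: clock + 900_000,
  });
  const log = [];
  const uploadPart = async (n, body, creds) => {
    // Simulates the service rejecting a request made with expired credentials.
    if (clock >= creds.expiresAt) throw new Error("ExpiredToken");
    log.push(`${n}:${creds.sessionToken}`);
    clock += 300_000;
    return `etag-${n}`;
  };
  const getCredentials = createRefreshingCredentials(fetchCredentials, () => clock);
  const etags = await uploadParts(["a", "b", "c", "d", "e"], getCredentials, uploadPart);
  return { etags, log, issued };
}
```

In the demo the five parts take 1500 s in total, so a single 900 s token would be expired when part 4 starts; with the half-life check, tokens are renewed before parts 3 and 5 and every request carries valid credentials.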
