skip to Main Content

I have a pipeline, which creates an artifact in the build stage. For this artifact I have the bucketName the objectKey as well as some

{
    "accessKeyId": "...",
    "secretAccessKey": "...",
    "sessionToken": "...",
    "expirationTime": 1670840680000
}

As I cannot install the deployment agent on the instance I want to deploy to, I need to use wget for fetching the artifact from s3.

I struggle to find out how to construct the url correctly as I always get 403s

So my question would be:

How do I create the s3 download url in a way that allows my deployment target to download the file that is created by the build stage?

2

Answers


  1. Chosen as BEST ANSWER

    OMG.. It was such a n00b mistake :D

    I used a too short `expires-in``

      const node = new AWS.SSM({
      });
      const preSignedUrl = (new AWS.S3({
        signatureVersion: 'v4',
        credentials: artifactCredentials
      }).getSignedUrl('getObject', {
        Bucket: inputArtifactsS3Location.bucketName,
        Key: inputArtifactsS3Location.objectKey,
        Expires: 604800
      }))
    

    This snipped generate the right url now.. of course 604800 is bit too high now.. who ever finds this.. tune it to an appropriate level for you


  2. S3 URLs generally follow the pattern https://bucket-name.s3.region-code.amazonaws.com/key-name. See this page for more details and alternatives – https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-bucket-intro.html

    Note that you will not be able to access an object in S3 with wget unless it’s public. If you must use wget for a non-public object, you will need to do so via a presigned URL.

    Alternatively you could use the AWS CLI to fetch the file.

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search