Handling AWS STS key expiration while a file transfer to AWS S3?

Question:

We have created STS session token system for file accessing on AWS S3 Bucket using AWS SDK for .Net with a time range of 900 sec which is actually (15 mins), if trasfer time took more time (more than 15 minutes for a file to complete upload) can i create new key and resume the upload is it possible to handle it using AWS sdk?

Answer:

First off, in the code where you call the STS API you can specify the expiry expressed in seconds. The default is indeed 900 seconds but it can manually be set to higher values.

AWS requires your credentials to be valid at the beginning of every API call, but will not interrupt an ongoing operation if they expire mid-call. So if you are using S3’s standard PUT API and a single call takes longer than your credentials’ lifetime, that’s fine.

In the case of multi-part uploads your point of origin will send multiple GET requests. Each of these requests will represent a small piece of the data it wants to download. If the time range has expired, every GET request after this will be rejected.

There are several methods of handling token renewal within AWS. One would be to check the token before every request and check if it has reached for example, half-life. If it has, renew it with the STS API. This example is documented somewhat here.

Source (Graeme@AWS)

Leave a Reply