Add custom query parameters when creating S3 Presigned URLs through exposing options/middleware #2932
Closed
1 of 2 tasks
Labels
feature-request
A feature should be added or improved.
Comments
wspurgin
added
feature-request
wspurgin
changed the title
|
We already have a generic way to do this - until we add HTTP interceptors (#2839) the blessed way to modify the transport request in SDK v2 is middleware. |
|
This issue is now closed. Comments on closed issues are hard for our team to see. |
|
Thanks @lucix-aws - appreciate the link to documentation and the issue to track for HTTP interceptors! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the feature
As described in AWS blog post, you can hook into the SigV4 process to add custom query parameters to the generated presigned URLs.
As in the scenario of that blog post, this is incredibly useful to create per-requestor Presigned URLs and have that traceability in the access logs for those objects in Cloudtrail.
Today, the only (theoretical) way to accomplish that is through creating an entirely custom v4(a) Presigner and providing that to an S3 Presigner Client - which is thoroughly discouraged by AWS' User Guides.
Because of the complex nature of v4, I don't think it advisable to roll your own. Just as an example, getting the right keys is something internal to the module today and doing it yourself is ripe with peril.
I think, perhaps, the simplest way to support a feature like this is adding something like a RequestOptionFunc to
SignHTTPto allow a caller to modify an input request (at their own risk) - or a more specific SignOption that adds a map of string-to-string query parameters to the request before adding necessary signing parameters.Use Case
Adding custom query params for requestor logging like that described in AWS blog post without needing to roll your own v4 presigner (which is heavily discouraged by AWS)
Proposed Solution
I think, perhaps, the simplest way to support a feature like this is adding something like a RequestOptionFunc to
SignHTTPto allow a caller to modify an input request (at their own risk) - or a more specific SignOption that adds a map of string-to-string query parameters to the request before adding necessary signing parameters.Other Information
No response
Acknowledgements
AWS Go SDK V2 Module Versions Used
github.com/aws/[email protected]
github.com/aws/aws-sdk-go-v2/aws/protocol/[email protected]
github.com/aws/aws-sdk-go-v2/[email protected]
github.com/aws/aws-sdk-go-v2/[email protected]
github.com/aws/aws-sdk-go-v2/feature/ec2/[email protected]
github.com/aws/aws-sdk-go-v2/feature/s3/[email protected]
github.com/aws/aws-sdk-go-v2/internal/[email protected]
github.com/aws/aws-sdk-go-v2/internal/endpoints/[email protected]
github.com/aws/aws-sdk-go-v2/internal/[email protected]
github.com/aws/aws-sdk-go-v2/internal/[email protected]
github.com/aws/aws-sdk-go-v2/service/internal/[email protected]
github.com/aws/aws-sdk-go-v2/service/internal/[email protected]
github.com/aws/aws-sdk-go-v2/service/internal/[email protected]
github.com/aws/aws-sdk-go-v2/service/internal/[email protected]
github.com/aws/aws-sdk-go-v2/service/[email protected]
github.com/aws/aws-sdk-go-v2/service/[email protected]
github.com/aws/aws-sdk-go-v2/service/[email protected]
github.com/aws/aws-sdk-go-v2/service/[email protected]
github.com/aws/[email protected]
Go version used
go version go1.23.3 darwin/arm64
The text was updated successfully, but these errors were encountered: