If one of my Selenium tests running in CircleCI fails, I upload a browser screenshot to S3 and print a signed getObject URL for it to the console, so that I can look up that screenshot quickly.
The problem is, S3.getSignedUrl adds my AWS AccessKeyId to the URL, and CircleCI is censoring it to ******************** since that value is in my environment variables, so the URL doesn't work:
https://s3.us-west-2.amazonaws.com/<bucket>/ERROR_3_reset_password_workflow_works.png
?AWSAccessKeyId=********************
&Expires=1612389785
&Signature=...
I don't see any options to output a different kind of URL in the getSignedUrl API docs. However, I noticed that when I open an image directly from the S3 console, the URL has a totally different form:
https://s3.us-west-2.amazonaws.com/<bucket>/ERROR_3_reset_password_workflow_works.png
?response-content-disposition=inline
&X-Amz-Security-Token=...
&X-Amz-Algorithm=AWS4-HMAC-SHA256
&X-Amz-Date=20210128T222508Z
&X-Amz-SignedHeaders=host
&X-Amz-Expires=300
&X-Amz-Credential=...
&X-Amz-Signature=...
Is there a way I can generate this type of URL with the S3 Node SDK? It doesn't use any values that CircleCI would censor, so it would work for what I'm trying to do.
I'm also looking into using CircleCI artifacts for the error screenshots, but I'd still like to understand how the S3 console is building the latter URL.
The Amazon S3 presignedURL examples here yield the format you're looking for. e.g.
[BUCKET]/[OBJECT]?X-Amz-Algorithm=[]&X-Amz-Content-Sha256=[]&X-Amz-Credential=[]&X-Amz-Date=[]&X-Amz-Expires=[]&X-Amz-Signature=[]&X-Amz-SignedHeaders=[]&x-amz-user-agent=[]
Note: These examples use V3 of the AWS SDK for JavaScript.