I am working on a project, where I need to fetch the presigned URL for a PDF in a private S3 bucket via React Native.
I'm using aws-sdk(v2.1381.0).
I've set the expiry parameter as 24 hours. The URL is working correctly however when the user changes the time of the device more than 15 mins, I get an cannot create document: pdf is corrupted error.
The URL is getting constructed correctly with device's set time as creation timestamp in url, e.g.
X-Amz-Date is 25-10-23 16:44 which is the device's current time, however the actual current time is 25-10-23 16:28.
According to documentation, the URL should be valid for 24 hrs from the time it was created irrespective of server time.
Can anyone please explain why is this happening?
when the user changes the time of the device more than 15 mins, I get an
cannot create document: pdf is corruptederror.
This is due to clock skew.
If the client's time is different from AWS's time by more than about 15 minutes, the S3 API will reject the requests your application makes with the RequestTimeTooSkewed error code and 403 Forbidden.
According to documentation, the URL should be valid for 24 hrs from the time it was created irrespective of server time.
Incorrect, that is not mentioned in the documentation.
Allowing unlimited clock skew defeats the purpose of a presigned URL which is to provide a limited window of access.
The server time is thus important.