AWS S3: The security of a signed URL as a hyperlink


Is it safe to maintain security using a pre-signed URL for an AWS S3 bucket object?

<a href="https://mywebsite.s3.amazonaws.com/40.pdf?awsaccesskeyid=[my access key]&expires=1433297453&signature=[this random set of numbers]">my link</a>

In other words - part 1...

Say I'm storing a bunch of separate individuals' files in a bucket. I want to provide a link to a file to a user. Obviously, since each file is uniquely and consecutively named, I don't want people to be able to change the link from 40.pdf to 30.pdf and get a different file. The signed URL seems to do that.

Part 2, and more importantly....

Is this a safe or dangerous method of displaying the URL in terms of the security of the bucket? Clearly, I am giving away the "access key" here, but of course not the "secret".

This has already been answered 3 years ago... sorry: How secure are Amazon AWS access keys?

AWS security credentials are used when making API calls to AWS. They consist of 2 components:

  • Access key (e.g. AKIAISEMTXNOG4ABPC6Q): similar to a username. It is okay for people to see it.
  • Secret key: a long string of random characters that is a shared secret between you and AWS. When making API calls, the SDK uses the shared secret to 'sign' the API calls. It is a one-way hash, so people cannot reverse-engineer the secret key. The secret key should be kept private.

A signed URL is a method of granting time-limited access to an S3 object. The URL contains the access key and a signature, which is a one-way hash calculated from the object, the expiry time and the secret key.

A signed URL is safe because:

  • It is only valid for the limited time period you specify
  • It is only valid for the Amazon S3 object you specify
  • It cannot be used to retrieve a different object, nor can the time period be modified (because that would invalidate the signature)

However, anyone can use the URL during the valid time period. So, if somebody tweets the URL, many people could potentially access the object until the expiry time. This potential security threat should be weighed against the benefit of serving traffic directly from Amazon S3 rather than having to run your own web servers.
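To show why the signature pins the URL to one object and one expiry time, here is an added example (not from the question or answer above) that mimics the legacy query-string signing scheme behind URLs of the AWSAccessKeyId/Expires/Signature form: an HMAC-SHA1 over the method, expiry and resource path, base64-encoded. It also models the receiving side's check, so tampering with the object key or the Expires value can be seen to fail; the credentials are constructed demo values, and signing the real way is left to the AWS SDK.

```python
import base64
import hashlib
import hmac
import urllib.parse

# Constructed demo credentials: the access key is public, the secret never leaves the signer.
ACCESS_KEY = "AKIADEMOACCESSKEY0000"
SECRET_KEY = "demo-secret-not-a-real-aws-secret"


def string_to_sign(bucket: str, key: str, expires: int) -> str:
    """Canonical string for a query-string-authenticated GET in the legacy scheme:
    method, empty Content-MD5, empty Content-Type, Expires, then the resource path."""
    return f"GET\n\n\n{expires}\n/{bucket}/{key}"


def sign(secret: str, bucket: str, key: str, expires: int) -> str:
    """Base64(HMAC-SHA1(secret, string_to_sign)). Changing bucket, key or expiry
    changes the input, so the stored signature no longer matches."""
    mac = hmac.new(secret.encode(), string_to_sign(bucket, key, expires).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()


def presign(bucket: str, key: str, expires: int) -> str:
    """Build the hyperlink the questioner is handing out."""
    query = urllib.parse.urlencode({
        "AWSAccessKeyId": ACCESS_KEY,
        "Expires": expires,
        "Signature": sign(SECRET_KEY, bucket, key, expires),
    })
    return f"https://{bucket}.s3.amazonaws.com/{key}?{query}"


def verify(url: str, now: int) -> bool:
    """What the service side does: reject if expired, look up the secret for the
    presented access key, recompute the signature over the *requested* resource
    and compare it in constant time with the one in the URL."""
    parts = urllib.parse.urlsplit(url)
    bucket = parts.hostname.split(".")[0]
    key = parts.path.lstrip("/")
    q = urllib.parse.parse_qs(parts.query)
    expires = int(q["Expires"][0])
    if now > expires:
        return False
    if q["AWSAccessKeyId"][0] != ACCESS_KEY:
        return False
    expected = sign(SECRET_KEY, bucket, key, expires)
    return hmac.compare_digest(expected, q["Signature"][0])
```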
