the URL generated from GetPreSignedURL() is safe when exposed to public?

[Shyam268]

The URL generated from GetPreSignedURL() method contains "Bucketname", "Region" and "accesskey".
example:(

https://bucketname.s3.region.amazonaws.com/filepath.log?
X-Amz-Expires=59&
X-Amz-Algorithm=AWS4-HMAC-SHA256&
X-Amz-Credential=Accesskey/20220830/region/s3/aws4_request&
X-Amz-Date=20220830T073528Z&
X-Amz-SignedHeaders=host&
X-Amz-Signature=signature

)

is this safe if it is exposed to public to down load file?
can it be misused?
Here is the sample code to get the file access url from S3 bucket

                             var urlRequest = new GetPreSignedUrlRequest()
				{
					BucketName = bucketName,
					Key = key,
					Expires = DateTime.UtcNow.AddMinutes(1)
				};
				let downloadlink = m_s3Client.GetPreSignedURL(urlRequest);

[ashishdhingra]

@Shyam268 Please refer the S3 documentation Sharing objects using presigned URLs, which mentions that for creating presigned URL the owner must provide the security credentials and then specify a bucket name, an object key, an HTTP method (GET to download the object), and an expiration date and time. Anyone who receives the presigned URL can then access the object. Because presigned URLs grant access to your Amazon S3 buckets to whoever has the URL, it is recommended that you protect them appropriately. For more details about protecting presigned URLs, see Limiting presigned URL capabilities.

[github-actions[bot]]

Hello! Reopening this discussion to make it searchable.