sst / ion

SST v3
https://sst.dev
MIT License

Bug: `Expired Token` encountered when trying to `PUT` on lambda-generated S3 Presigned URL #835

Closed ian-pascoe closed 1 month ago

ian-pascoe commented 1 month ago

During local dev I am experiencing "Expired Token" when generating a presigned url for a linked S3 bucket.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>ExpiredToken</Code><Message>The provided token has expired.</Message>
```

When trying to execute the POST request to the generated presigned URL. In reading here, it looks like it is an issue with the token in the live dev? https://stackoverflow.com/questions/42951040/s3-expiredtoken-error-for-s3-pre-signed-url-within-expiry-period

I have a NextJS trpc endpoint in which I am creating a presigned URL, and when I call the PUT to that URL it gives me the expired token error. Essentially I have:

Client requests presigned URL from TRPC -> TRPC returns presigned URL -> Client calls PUT on presigned URL -> Client receives error

I've also noticed that it doesn't happen the first couple minutes after a fresh deploy. It's if I let the sst dev sit for a little while, then try to do the procedure.

ian-pascoe commented 1 month ago

More research is showing that the AWS session being expired would cause it. Does sst dev handle refreshing the AWS session token for the local dev linking?

ian-pascoe commented 1 month ago

To color this just a little bit more: I have my AWS access keys in .env. Not sure if this would mess with the session token implementation and if I should only be using aws configure for local dev.

thdxr commented 1 month ago

are you explicitly loading .env into your lambda environment? we automatically forward credentials from the real lambda to your local env - if you log process.env that should help you see

ian-pascoe commented 1 month ago

I am not, it is just at the top level of my monorepo. Being automatically loaded by sst dev

ian-pascoe commented 1 month ago

@thdxr - I deleted the AWS credentials from the .env file and I am still running into the issue

ian-pascoe commented 1 month ago

For a basic repro:

  1. Set up the basic NextJS example with S3 bucket upload
  2. Run sst dev
  3. Let everything deploy, leave the process running overnight
  4. On the next day try uploading a file

ian-pascoe commented 1 month ago

Edited above comment; it seems like it's happening when the dev process is left running for long periods of time.

thdxr commented 1 month ago

gotcha - this is fixed in the latest sst; we restart next dev every 45min when the credentials expire

unfortunately no other way to inject new values
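
The failure discussed in this thread, as an added example that is not part of the thread or of SST's code: a presigned URL signed with temporary credentials carries an `X-Amz-Security-Token` and stops working when those credentials expire, even if `X-Amz-Expires` has not elapsed. The function name `inspectPresignedUrl`, the `credentialExpiry` parameter and the sample URL are assumptions made for illustration.

```javascript
// Added example: read a SigV4 presigned URL's query string offline (no SDK, no network).
// SAMPLE_URL is constructed for illustration; bucket, key id, token and signature are fake.
const SAMPLE_URL =
  "https://example-bucket.s3.us-east-1.amazonaws.com/upload.txt" +
  "?X-Amz-Algorithm=AWS4-HMAC-SHA256" +
  "&X-Amz-Credential=ASIAEXAMPLE%2F20240101%2Fus-east-1%2Fs3%2Faws4_request" +
  "&X-Amz-Date=20240101T120000Z&X-Amz-Expires=3600" +
  "&X-Amz-Security-Token=EXAMPLETOKEN&X-Amz-SignedHeaders=host&X-Amz-Signature=00";

// X-Amz-Date uses the compact ISO 8601 form, e.g. 20240101T120000Z.
function parseAmzDate(s) {
  const m = /^(\d{4})(\d{2})(\d{2})T(\d{2})(\d{2})(\d{2})Z$/.exec(s || "");
  if (!m) throw new Error("missing or malformed X-Amz-Date");
  const [y, mo, d, h, mi, sec] = m.slice(1).map(Number);
  return new Date(Date.UTC(y, mo - 1, d, h, mi, sec));
}

// credentialExpiry (hypothetical parameter): when the signing session credentials
// expire, as a Date, or null if unknown. The caller has to supply it.
function inspectPresignedUrl(url, credentialExpiry = null, now = new Date()) {
  const q = new URL(url).searchParams;
  const signedAt = parseAmzDate(q.get("X-Amz-Date"));
  const ttl = Number(q.get("X-Amz-Expires"));
  if (!Number.isInteger(ttl) || ttl <= 0) throw new Error("missing or malformed X-Amz-Expires");
  const urlExpiry = new Date(signedAt.getTime() + ttl * 1000);
  const usesSessionToken = q.has("X-Amz-Security-Token");
  // A URL signed with temporary credentials stops working when they expire,
  // even if X-Amz-Expires has not elapsed yet.
  const tokenLimit = usesSessionToken && credentialExpiry ? credentialExpiry : null;
  const effectiveExpiry = tokenLimit && tokenLimit < urlExpiry ? tokenLimit : urlExpiry;
  let status = "valid";
  if (tokenLimit && now >= tokenLimit) status = "token-expired";
  else if (now >= urlExpiry) status = "url-expired";
  return {
    signedAt, urlExpiry, effectiveExpiry, usesSessionToken, status,
    // True when the URL was dead on arrival: signed after the credentials lapsed.
    signedWithExpiredCredentials: Boolean(tokenLimit && tokenLimit <= signedAt),
  };
}

// Credentials lapse 10 minutes after signing; the request arrives 20 minutes after.
const report = inspectPresignedUrl(SAMPLE_URL,
  new Date("2024-01-01T12:10:00Z"), new Date("2024-01-01T12:20:00Z"));
console.log(report.status, report.effectiveExpiry.toISOString());
```

A `signedWithExpiredCredentials` result of `true` corresponds to the long-running dev process described above, where the URL is signed with credentials that have already lapsed.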