skip to Main Content


The Data Analytics team in a marketing firm is hard at work on their new reporting service. It has been a long time in the making, but once finished, will allow users across the organization to access a personal reporting dashboard with a variety of dashboards and reports. These can be displayed in the browser, but are also available for download as PDF files.

One of the features allows users to receive email notifications with links to the relevant PDF reports. The link in the email is valid for 3 days.
After 3 days, the link in the email will not work, but users will still be able to access the report after signing into their personal reporting dashboard.

The first take at this was to generate and copy any generated report PDF files to an S3 bucket. The bucket is set up with a life cycle policy that is configured with a deletion action after 3 days. The link to an S3 object (specific report) would stop working, once the object was removed from the S3 bucket by the life cycle policy. A random suffix is added to object names to avoid naming conflicts of S3 objects.

One issue that was brought up with the above solution is the inability to set different times dynamically for the expiry of links. Sometimes there’s a need to set the expiry time to something different than 3 days (Based on user, department or report type).
Also, all reports are archived as PDF’s in any case in a separate S3 bucket.
It would save on space, cost and reduce complexity, if the same objects are used and only the links to the objects shared with users will expire (The object will not be deleted or affected, once the link has expired).


  • Points: 10
  • Path: Cloud Engineer


  • Level: 1
  • Estimated time: 1 hour


  • An S3 set up supporting pre-signed S3 URLs pointing to an S3 object as described below

Prototype description:

The S3 presigned URL feature would be very useful in this scenario.
The team would like to see how the links can be generated and how expiry time can be set at creation time. They are also interested in the behaviour of expired links and the resulting error type and message.
The S3 presigned URL should provide only temporary access. The S3 object should not be made publicly available.
The proof of concept will consist of a single accessible (active) presigned URL and another URL that has expired.


An active S3 presigned URL with the following properties:

  • The url shall have an expiration time of 3 days (259200 seconds)
  • The presigned URL shall enable access to an S3 object with the following content:

    "Report ID" : "12345",
    "Report": "Looking good"
  • The object shall be a simple text file (not a pdf file)
  • The S3 object shall not be publicly available (It should only be accessible via the presigned URL)

An expired S3 presigned URL with the following properties:

  • The presigned URL provided shall respond with an HTTP 403 Forbidden message (The default behaviour for an expired presigned URL)
  • The S3 object shall not be publicly available

Your mission, if you choose to accept it,
is to configure the S3 environment and generate the required URLs.

Back To Top