AWS S3 URL Signing

Our AWS S3 URL signing integration allows you to securely sign URLs for content stored in your S3 buckets. Follow these steps:

Step 1: Create an IAM Role

1. Follow this guide to create an IAM role or user in AWS or use an existing account.

2. Assign the following minimum policy to the role/user to allow Lasso to generate signed URLs:

   Copy

   {
       "Version": "2012-10-17",
       "Statement": [
           {
               "Effect": "Allow",
               "Action": [
                   "s3:GetObject"
               ],
               "Resource": "arn:aws:s3:::your-image-bucket/*"
           }
       ]
   }

3. Make note of the Access Key ID and Secret Access Key, as these will be needed in the next steps.

Step 2: Add Signing Information in Lasso

1. Navigate to Settings → Integrations in Lasso.

2. Select AWS S3 and fill in the following fields:

   • Domain: The domain where your content resides (e.g., https://your-image-bucket.s3.amazonaws.com).

   • Region: The AWS region of your bucket.

   • Bucket: The name of your S3 bucket. (e.g., your-image-bucket)

   • Access ID: The Access Key ID from the IAM role or user.

   • Access Key: The Secret Access Key from the IAM role or user.

   • TTL: The time-to-live for the signed URL (minimum 15 minutes).

   • Example URL: Provide an example URL to validate your credentials.

Step 3: Automatic Signing for AWS S3 Content

Once the integration is set up:

• Any content from the specified Domain (e.g., https://your-image-bucket.s3.amazonaws.com) will automatically be signed by Lasso when required.

• Lasso dynamically generates a signed URL whenever it needs to access the content, ensuring secure and temporary access.

• This signed URL is used for analyzing the content or displaying it securely in the dashboard. You do not need to update or manage URLs manually.

• If the signed URL expires, Lasso regenerates it automatically when the content is accessed again.