The document outlines the design of a timebound download URL, detailing characteristics, use-cases, and high-level architecture. Key topics include IAM role creation, AWS Lambda deployment, and API Gateway setup, along with practical examples of common applications such as content previews and secure transactions. The author, Runcy Oommen, is a software engineering leader with extensive industry experience and a focus on cloud technologies.

1. Designing A Timebound Download URL
Runcy Oommen | 23-Mar-2024

2. | Our Time-bound Agenda |
• Design characteristics and use-cases
• High level architecture overview
• Step-by-step walkthrough of steps (AWS services)
• Q&A, Discussions

3. Software Engineering Leader with 2
decades of industry exp; primarily in
systems, cloud, security, networking
Special interest in serverless, containers
and cloud-native offerings. Firm believer
of a multi-hybrid cloud future
Career
Community
Organizer of GDG Cloud and Cloud Native
meetup groups in Bangalore
Former co-organizer of AWS UG Bangalore
Multiple hackathon wins in cloud/security topics
Recognized by Google as a community influencer
runcyoommen
https://runcy.me

4. A design characteristic to access the
resource ONLY for a specified duration
Some common use-cases:
1. A content creator previewing a work before final signoff
2. Payment request URL for e-commerce transaction
3. Temp resource sharing b/w two external systems without
fear of interception

5. Easter egg: "Spot the stopwatch"

6. A
R
C
H
I
T
E
C
T
U
R
E

7. LET'S BEGIN

8. S3 Bucket Configuration
Central place for object storage

9. General bucket config

10. Block all the public access

11. Leave rest of config as defaults

12. IAM specific role creation
Policies for the serverless function

13. Choose entity and use case

14. Provide the required policies...

15. Saving the role...

17. Key creation and Secrets Manager

18. Generate publicprivate key pair
•openssl genrsa -out private_key.pem 2048
•openssl rsa -pubout -in private_key.pem -out public_key.pem
Add private key to Secrets Manager

19. Update private key as secret plain text

20. AWS Lambda Deployment
Serverless functionality

21. Lambda creation time...

23. Upload code as zip format
https://github.com/roommen/time-bound-url
Code compilation

24. Set appropriate environment variables

26. API Gateway Setup
Entry point of URL generation

27. Let's begin the API

28. Create a new resource

29. Create a new method

30. Select appropriate Lambda function name
Add appropriate permission

31. Appropriate URL query string parameters
Appropriate mapping templates Appropriate header mapping

32. Summary screen

33. Enable CORS

34. OPTIONS method enabled

35. Deploy the API New deployment stage

36. Completion of deployment

37. Create custom domain (optional)

38. Set endpoint config type
Configure API mapping

40. CloudFront Configuration
Distribute it via CDN

41. Paste public key created earlier Create key group

42. Create the distribution

43. Set the cache behavior

44. YAYY!!!

45. runcyoommen
https://runcy.me